x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:15:50 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r6, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})
tkill(r5, 0x1004000000016)
close(r1)

10:15:50 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000180)="025cc83d6d345f8f762070")
r1 = socket$inet(0x2, 0x2, 0x0)
sendto$inet(r1, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10)

10:15:50 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:50 executing program 5:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup(r0, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f00000000c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000040), 0x224)

10:15:50 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:50 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ftruncate(r0, 0x3)
mkdir(&(0x7f0000000140)='./control/file0\x00', 0x884faaa4fba79a5b)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000040)={0x14, 0x67, 0x2, {0x4, 0x4, 0x4}}, 0x14)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000100))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)
bind$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x4, 0xffffffffffff4115, 0x9, 0x5c6b, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x10)

10:15:50 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:50 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000640)="025cc83d6d345f8f762070")
openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x200, 0x0)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r1, 0x10d, 0xbf, &(0x7f00000001c0), &(0x7f0000000040)=0x4)

[  291.275401] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
10:15:50 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:50 executing program 4:
r0 = gettid()
rt_sigqueueinfo(r0, 0xfffffffffffffffd, &(0x7f0000000100))

10:15:53 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:53 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r3, 0x10, &(0x7f0000000040)={0x7fff})
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:53 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:15:53 executing program 5:
gettid()
timer_create(0x3, &(0x7f0000547fa8)={0x0, 0x14}, &(0x7f0000044000))

10:15:53 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
r2 = dup3(r0, r1, 0x0)
setsockopt$inet_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x4)

10:15:53 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r1)

10:15:53 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = socket$inet_sctp(0x2, 0x3, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)

10:15:53 executing program 1:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:15:53 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
r2 = dup3(r0, r1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000080)=[{}], 0x1)

10:15:53 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = socket$alg(0x26, 0x5, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000091c0)=[{{&(0x7f0000002340)=@in={0x0, 0x0, @loopback}, 0x80, &(0x7f0000003880)=[{&(0x7f00000023c0)=""/180, 0xb4}, {&(0x7f0000002480)=""/221, 0xdd}, {&(0x7f0000002580)=""/111, 0x6f}, {&(0x7f0000002600)=""/206, 0xce}, {&(0x7f0000002700)=""/34, 0x22}, {&(0x7f0000002740)=""/233, 0xe9}, {&(0x7f0000003840)=""/35, 0x23}], 0x7}}, {{&(0x7f0000003900)=@in6={0x0, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000003a80)=[{&(0x7f0000003980)=""/98, 0x62}, {&(0x7f0000003a00)=""/37, 0x25}, {&(0x7f0000003a40)=""/50, 0x32}], 0x3}}, {{&(0x7f0000004f40)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000003e40)=[{&(0x7f0000004fc0)=""/227, 0xe3}], 0x1}}], 0x3, 0x0, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005", 0x5)
r2 = accept$alg(r1, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f00000023c0), 0x218, &(0x7f0000000200)=[@op={0x18, 0x117, 0x3}], 0x18}], 0x1, 0x0)
recvmsg(r2, &(0x7f0000000000)={&(0x7f0000000040)=@alg, 0x80, &(0x7f0000000140)=[{&(0x7f0000002840)=""/4096, 0x7ffff000}], 0x1, &(0x7f00000000c0)=""/87, 0x57}, 0x0)

10:15:53 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r1)

10:15:53 executing program 4:
r0 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8982, &(0x7f0000000000))

10:15:53 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:15:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23}, 0x1c)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x14)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000000)={0x8}, 0x4)
listen(r1, 0xffffffffffffffe0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6b, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0xac14140b}}], 0x1c)

10:15:53 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000028000006a0a00fffffff6006118"], &(0x7f0000000080)='syzkalleP\x00', 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xd, 0x5, &(0x7f0000000040)=@framed={{0x18}, [@jmp={0x5}], {0x95}}, &(0x7f0000000280)='GPL\x00', 0x9, 0x27d, &(0x7f0000000480)=""/187}, 0x48)

10:15:53 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r1)

10:15:56 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:15:56 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet_sctp(0x2, 0x3, 0x84)
r2 = dup(r1)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}}, 0x1c)

10:15:56 executing program 3:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000040)="025cc83d6d345f8f762070")
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)="090007020000000000b55c7077fb00be2a2851264ea3a1f0b9a77c1ed5ce30cc461803db887d01b283f4fe7fe296f93c7e95b7d982e93b2ee9988846a11bb7de284e894969f4aca078f2f108cf4b00000000000000009c2f04e201680ee8d4047c33db3e83bc24346d99595718dcc7e811c4c839f56961d68625228d697e8ae95994da60116f0778501e37545d8eff600bd759ae6e0aa9f3658cd630c76070b2b9")

10:15:56 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:15:56 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:56 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000640)="025cc83d6d345f8f762070")
r1 = socket$inet_sctp(0x2, 0x3, 0x84)
ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, &(0x7f0000000040)={'veth0_to_bond\x00', {0x2, 0x4e23, @rand_addr=0x1}})

10:15:56 executing program 1:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:56 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000100)={<r4=>0x0, 0x4, 0x100, 0x3, 0x5, 0x200, 0x1000, 0x9, {0x0, @in6={{0xa, 0x4e22, 0x0, @empty, 0x80000000}}, 0xfffffffffffffffc, 0x4, 0x9, 0x7, 0x4f9}}, &(0x7f0000000040)=0xb0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000001c0)={r4, 0x191adc7d}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000240)={0x80, 0x3, 0x0, 0xcabe}, 0x8)
close(r0)

10:15:56 executing program 5:
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040), 0x4)

10:15:56 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:15:56 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:56 executing program 3:
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000001340)="025cc83d6d345f8f762070")
unshare(0x400)
io_setup(0x2, &(0x7f0000000280)=<r2=>0x0)
r3 = eventfd2(0x0, 0x0)
io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x1, r3}])

10:15:56 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:56 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r1)
r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
ftruncate(r2, 0x269d40)
r3 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x5a92)
close(r3)

10:15:56 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:56 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)

10:15:57 executing program 5:

10:15:57 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:15:57 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:57 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:57 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
r2 = dup3(r0, r1, 0x0)
sendmsg$netlink(r2, &(0x7f0000005a80)={&(0x7f0000000000)=@proc={0x10}, 0xc, &(0x7f00000053c0), 0x0, &(0x7f0000005980)}, 0x0)

10:15:57 executing program 1:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:57 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:15:57 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'eql\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000100)={@local={0xfe, 0x80, [], 0xaa}, 0x6b, r4})
close(r1)

10:15:57 executing program 5:

10:15:57 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:57 executing program 3:

10:15:57 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:57 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:15:57 executing program 5:

10:15:57 executing program 3:

10:15:57 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:57 executing program 5:

10:15:58 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:15:58 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:58 executing program 3:

10:15:58 executing program 5:

10:15:58 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:15:58 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:15:58 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x1000000)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:58 executing program 1:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:58 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet_sctp(0x2, 0x3, 0x84)
r2 = dup(r1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000001c0)={@mcast1={0xff, 0x1, [], 0x1}, 0x26, r3})

10:15:58 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='clear_refs\x00')
write$cgroup_pid(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="359f1a596fbbb25d1b6e8906ffc534be5ad9aa6802bbf2f5a34c389ef92c8a17ce675ea632bae276ef6d0c18ee8cad4f60e7926b31b7d3868e31713dd4b66fd9598ed817606ee6144ebf05c0b1293c"], 0x4f)

10:15:58 executing program 7:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:15:58 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:15:58 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:15:58 executing program 3:
mkdir(&(0x7f0000000000)="2e2466696c6530f600", 0x0)
mount$bpf(0x0, &(0x7f0000000040)="2e2466696c6530f600", &(0x7f0000000140)='bpf\x00', 0x0, &(0x7f0000000180))

10:15:58 executing program 5:
r0 = inotify_init()
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x857, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe)

10:15:58 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:15:58 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:58 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:15:58 executing program 6:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)={&(0x7f0000000040)='./control/file0/../file0\x00', 0x0, 0x10}, 0x10)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:15:58 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x80)
sendmsg$nl_xfrm(r0, &(0x7f0000000d00)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000040)=@acquire={0x128, 0x17, 0x3, 0x0, 0x0, {{@in6}, @in=@broadcast=0xffffffff, {@in6=@local={0xfe, 0x80, [], 0xaa}, @in6=@dev={0xfe, 0x80}}, {{@in=@multicast2=0xe0000002, @in6=@mcast1={0xff, 0x1, [], 0x1}}}}}, 0x128}, 0x1}, 0x0)

10:15:58 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:58 executing program 5:
r0 = getpgrp(0x0)
perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xffffffffffffffff}, r0, 0x0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f00000001c0), 0xfffffd44)
perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)

10:15:58 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000980)="2f007e574d000330809022cfde26555dc9ecfe1974406edad38364782d63b6612854b9e49dbdcaef718197e37e870a308b1e3a798fa788a46d3025ef933e51828ab675064e2adbe9126423b4a73d68fbe99c6db2f160d49cb6cce76c27289a4f9d197354aaa5860d2383df87526baa184d90bb7729366417bc33d765e9bc2f882a13f3a9c1f60660bd4fd2fa31d2c0a775242289bce062d10d24ded5406918a66b2c75c43fe1ff458ae5cd9fec63039ba5a7b66a60ede5ccdabc7ee77660ef2358ccdff02226021384b0c235f114ed9ade92767aecc256acdeb610df42e7169f240357f735ae5fe29017e51e27252f48b95bfbbb3a865535298bdc36d71db635f41c57771db77aeaff883feb3dc3cc24bd3c036e396ad3af37945058839e812270bc40901fa654e7cc3292a82fc80c374dc07142a1c2e9d3e2528e4fdac32bcaefe910ebd3b948a3bfebef5fa8d82473c7fbf3ec763a1b613dd747d529ea70ef0298fff5661630b99a79ec8269af9be178aeca17fefb14fd3d00975a999d79ba894dbae4c1a6ef5f1e35af57d82878226d07e63a3f45967e0ee859bb6e0f3c66e68c445208bb32bb2342948aa3f413ea981dcf59c27323f4945e325ba0e69e436e55436a9324f5a458c5acb601104cf2fc7adc67a0662f5499dc4f72fd4d8f4f68ad5da52ed8c929f751f28d9d63fa34b35d4fcfe8c548eb35e3a1d08c077e7d7ea61e716eaa6fc34287d586dcc0", 0x0, 0x0)
ioctl$sock_proto_private(r0, 0x20000005450, &(0x7f0000000100))

10:15:59 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:15:59 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r6, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})
tkill(r5, 0x1004000000016)
close(r1)

10:15:59 executing program 7:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:15:59 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r6, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})
tkill(r5, 0x1004000000016)
close(r1)

10:15:59 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:15:59 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={<r3=>0x0}, &(0x7f0000000140)=0xc)
getpgid(r3)
ioctl(r1, 0x100, &(0x7f00000001c0)="6496993b6bd7fffef37d4384c8a6d15fd98e6d613af819adc8a540807e234aed174813781eacf86f941b148dcea1723391adf28a5cd6fb42409dbd005b532f125662d873bd90fd6c4d38b3efd1e7e3c10242cca5a144eab84f7b41df1011ede2eebe8a4bee45f085262f3868027935a110f7fd55ba0e76e0b1b004458170c02f456bc62a810428524dc86e")
syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0xffffffffffffffff, 0x200)
write$fuse(r2, &(0x7f0000000180)={0x28, 0x1, 0x0, @fuse_notify_delete_out={0x5, 0x8, 0x200}}, 0x28)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r1)

10:15:59 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r1)

10:15:59 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 5 (fault-call:1 fault-nth:0):
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:15:59 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r6, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})
tkill(r5, 0x1004000000016)
close(r1)

10:15:59 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

10:15:59 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:15:59 executing program 7:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:15:59 executing program 0:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:15:59 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:00 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:00 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r6, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})
tkill(r5, 0x1004000000016)

10:16:00 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0xff00000000000000, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:00 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

10:16:00 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x5})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000012)
close(r1)

10:16:00 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r5, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})

10:16:00 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0xa4ffffff00000000, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:00 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:00 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

10:16:00 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:00 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x100000000000000, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:00 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:00 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r5, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)

10:16:00 executing program 7:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:00 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
clock_nanosleep(0x6, 0x1, &(0x7f0000000040)={0x77359400}, &(0x7f0000000100))
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:00 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:00 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x1000000, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:00 executing program 0:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:00 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:00 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r5, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))

10:16:00 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0xff000000, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:00 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:00 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0xa4ffffff, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:00 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:00 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:16:01 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:01 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r5, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)

10:16:01 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0xff00, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:01 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:16:01 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r4, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)

10:16:01 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:01 executing program 7:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:01 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0xffffffa4, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:01 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x4e23, 0x80000001, @dev={0xfe, 0x80, [], 0xc}, 0xac}}, 0x7, 0x1000, 0x9fde, "a6c14377c753d3517a38170df7c299487333ffd6cb6b74d861abca68cb6f7e8b354d56938bf721be47056bd699f532c7a0a2c36fda16fda895779dc537f23fd5fdb09b3357353e2709ed3dde8fbf6251"}, 0xd8)
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000280)={<r4=>0x0, 0x0, 0xfffffffffffffe01}, &(0x7f00000002c0)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000300)=@assoc_value={r4, 0x9}, 0x8)
tkill(r3, 0x1004000000016)
close(r1)
mount$9p_rdma(&(0x7f0000000040)='127.0.0.1\x00', &(0x7f0000000100)='./control\x00', &(0x7f0000000140)='9p\x00', 0x200000, &(0x7f0000000380)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d3078303030303030303030303030346532302c6d73697a653d3078303030303030303030303030303030312c73713d30303030303030303030303030303030303135312c72713d30303030303030303030303030303030303132392c6163636573733d757365722c73713d30303030303030303030303030303030303036342c73713d31383434363734343037333730393535313631332c73713d303030303030303030303030303030333237363d3970323030302e752c0009b6a32f5c610d908c7a37bef4ef373c97051ab708bb685dd35b8f14c8a9521f0a04d4d7d7910424867c3dc5d8bf54516438a2e2bc2952cfd80f951cedc16c00a17f920b0fc5da9eb06a411ab83cb42267c183fa904afab4a81c3f043e496a5539e885e865d9b32a1bae8db9000caf9fbcccac07fcf2712f2f245fa3c68b90bb7e912f9520cd86ffd0b7e4aa2c9cd6a53fea9295b64c39f29ae816941c133d0cb869f103977c477bf2b20a4a734a263a63fccc11a2ff922e3bcf7cbc7c69d7e90f568d6476258b002cfbfbe252d94df62a2f38c3ca7627971dd4657ad335a7a41c084dbe4d47fa7fea1584078c8d529cb94823bbc3cc3c9928e71d5097a4366a"])

10:16:01 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(0xffffffffffffffff)

10:16:01 executing program 0:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:01 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xcf, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:01 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:01 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')

10:16:01 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:01 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xd0, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:02 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))

10:16:02 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:02 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0x29, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:02 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:02 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:02 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0x30, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:02 executing program 7:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:02 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:02 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x4000000400000018)
close(r1)

10:16:02 executing program 0:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:02 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:02 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()

10:16:02 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x20000, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000180)={0x1, 0x101, 0x1, 0x0, 0xe})
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:02 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:02 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x8)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040))

10:16:02 executing program 2:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:02 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)

10:16:02 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:02 executing program 5:
r0 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x3ff, 0x440800)
r1 = openat$cgroup_ro(r0, &(0x7f0000000200)='cpuacct.usage_all\x00', 0x0, 0x0)
ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000180)={0x8200000000000000, 0x100005, 0x6, 0x1, 0x4})
r2 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r2, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:03 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)

10:16:03 executing program 5:
r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x3}, &(0x7f00000001c0)="db3850739c3f23d722e5ba0200d3a11a048f050e2427d9f1fcc5418f7569b219ecade4fd6f7db89301df5510e72a2484d5b33d224373845b24aa82ff02a07977ef01b2bb229b0bca47f04093d313b9eb06b7ad1051a5197ad92bfd32cb26a2c63efff027e416a367c30be41618c79f7d0312077472c4f8769bfd876e2bb1e736d315560a1ab0ca8339d940a4469821f2a7460702eff2b2876d650b5730264c7cd4ff043762c29c91dcc4f04aba956086bbb9624cc223b91cfe62859c4d2150", 0xbf, 0xfffffffffffffffa)
r1 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$search(0xa, r0, &(0x7f0000000080)='logon\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a, 0x3}, r1)
r2 = socket$inet(0x2, 0x3, 0x2)
r3 = memfd_create(&(0x7f0000000300)='[!\'\'wlan1wlan1*@eth1[\x00', 0x800000000002)
ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, &(0x7f0000000100)=""/136)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000380)=<r4=>0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r3, 0x8905, &(0x7f00000000c0))
ioprio_get$pid(0x2, r4)

10:16:03 executing program 7:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:03 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:03 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = syz_open_pts(0xffffffffffffff9c, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xffffffffffff8791)
getsockopt(r0, 0x0, 0xca, &(0x7f0000000000)=""/203, &(0x7f0000000280)=0xcb)
r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x2f87b2f, 0x515000)
ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0)

10:16:03 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:03 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x201, 0x36, 0xffffffffffffffff, 0x3a)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:03 executing program 0:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:03 executing program 5:
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000000280)=ANY=[@ANYBLOB="0001010000e5400000c8873fe25a30c79961"])
r1 = socket$inet(0x2, 0x3, 0x2)
signalfd(r1, &(0x7f0000000240)={0x7fff}, 0x8)
getsockopt(r1, 0x10000, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000040)=0xcb)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f00000001c0)=0x100000000, &(0x7f0000000200)=0x4)

10:16:03 executing program 2:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:03 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:03 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa, 0x2})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
socketpair(0xe1864db5a8637bca, 0x805, 0x8000, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000000100)={{0x7, 0x7, 0x1, 0x4, 'syz1\x00', 0xffffffffffffffff}, 0x1, [0xb2, 0x6, 0xffffffffffffffc1, 0x22ac, 0x10001, 0x8, 0x5, 0xf99, 0x8, 0x2, 0x4e9e4541, 0x3, 0x7ff, 0x2, 0x0, 0x0, 0x7, 0x5, 0xf7, 0x1, 0x1000, 0x100000000, 0x3, 0xde, 0x1, 0x4, 0x8001, 0x7, 0x80000001, 0xffff, 0x2, 0x5, 0x101, 0xac2f, 0x5, 0x0, 0x2, 0x5, 0xb80000000000000, 0x4, 0x3, 0x4, 0x1, 0x1, 0xffff, 0x9673, 0xfff, 0x4, 0x100000001, 0x7f, 0x100, 0x0, 0x1, 0x3, 0xfff, 0x0, 0x24, 0x100000001, 0x9, 0x9, 0x7, 0x70, 0x0, 0x259, 0x4, 0xef66, 0x0, 0x4, 0x2, 0x7f, 0x2, 0x7f, 0x2, 0x2, 0x2, 0x80000001, 0x14, 0x48, 0x8001, 0x8de, 0xffff, 0x1, 0x2, 0x4, 0x10f, 0x7fffffff, 0xfffffffffffffffd, 0xdf, 0xf4e1, 0x4, 0xfffffffffffffff7, 0xfff, 0x3, 0x3, 0xd06, 0x5, 0x8, 0x6, 0x3, 0xfffffffffffffffe, 0x3ff, 0x7fff, 0xff, 0x5, 0x1, 0x4f, 0xfffffffffffffffc, 0x40000000, 0x9, 0x7ff, 0x7, 0xfff, 0x5, 0x2, 0x5, 0x6, 0x7fff, 0x4, 0x3, 0x6, 0x3, 0x1000, 0x7fff, 0xa1c3, 0x1, 0x100, 0x80, 0x5], {0x77359400}})
tkill(r4, 0x1004000000016)
close(r1)
ioctl$sock_inet_SIOCGIFDSTADDR(r3, 0x8917, &(0x7f0000000600)={'yam0\x00', {0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}})

[  304.684110] QAT: Invalid ioctl
[  304.699473] QAT: Invalid ioctl
10:16:04 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:04 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x9)
getsockopt(r0, 0xffffffffffffff00, 0x20000000000ce, &(0x7f0000000080)=""/203, &(0x7f0000000040)=0xcb)

10:16:04 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:04 executing program 7:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:04 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:04 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
r1 = dup(r0)
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000040)=0x5)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0xe000)=nil, 0xe000}, 0x2})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r2)

10:16:04 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x82, 0x0)
shutdown(r0, 0x0)
r1 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r1, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:04 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:04 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
r2 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r2, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:04 executing program 0:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:04 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = socket(0x5, 0x1, 0x401)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000040)={0xffffffffffffffff, 0x8001, 0x80000001, 0x4, <r2=>0x0}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={r2, 0x3f37, 0x80000001}, 0x8)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:04 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:04 executing program 2:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:04 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r2, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:04 executing program 5:
r0 = socket$inet(0x2, 0x4, 0x4)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:04 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:05 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:05 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
userfaultfd(0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:05 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:05 executing program 7:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:05 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000040)={0x4, [<r4=>0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000140)={r4, @in6={{0xa, 0x4e20, 0xfffffffffffffffd, @mcast2={0xff, 0x2, [], 0x1}, 0xffff}}, [0x100, 0x1ff, 0x0, 0x7ff, 0x1, 0xffff, 0x3f, 0x9, 0x80000001, 0x9, 0xa03c, 0x5, 0x3f, 0x6, 0x7]}, &(0x7f0000000240)=0x100)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:05 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000180)={0x4, &(0x7f0000000040)=[{0xfffffffffffffffa, 0x4, 0x120, 0x8000}, {0x1, 0x7, 0x3f, 0x83cc000000000000}, {0x127, 0x2, 0x7, 0x7fffffff}, {0x6000000000, 0xff, 0xfff, 0x2a}]}, 0x10)
r1 = accept4$inet6(0xffffffffffffff9c, &(0x7f00000001c0), &(0x7f0000000200)=0x1c, 0x800)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='reno\x00', 0x5)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:05 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:05 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10:16:05 executing program 5:
lremovexattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="ffffff7f000000002e00"])
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x12000, 0x0)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000280)={0x7, 0x100000001}, 0x2)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r1 = socket$inet(0x2, 0x80800, 0x6)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000300)=""/203, &(0x7f0000000400)=0x200)
ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f00000002c0)='team_slave_0\x00')
setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x800, 0x4)

10:16:05 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:05 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:05 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:05 executing program 2:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:05 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = syz_open_dev$vcsn(&(0x7f0000000280)='/dev/vcs#\x00', 0x0, 0x40400)
ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f00000002c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000})
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={<r2=>0x0, @in={{0x2, 0x4e21}}, 0x8, 0x6, 0x5, 0x1, 0x4}, &(0x7f0000000040)=0x98)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000240)={r2, 0x100000001}, 0x8)

10:16:05 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:05 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:06 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:06 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x3)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000040)={{{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@local}, 0x0, @in=@remote}}, &(0x7f0000000140)=0xe8)
getsockopt(r0, 0xfffffffffffffffd, 0x2, &(0x7f00000001c0)=""/203, &(0x7f0000000480)=0x3bc)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000180)={0x200, 0x2, 0x3f, 0x40}, 0x10)
r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x6, 0x10000)
setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x400000000001, 0x4)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000440)={&(0x7f0000000400)='./file0\x00', 0x0, 0x10}, 0x10)
ioctl$ASHMEM_PURGE_ALL_CACHES(r2, 0x770a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f00000002c0)=@raw=[@exit={0x95}, @initr0={0x18, 0x0, 0x0, 0x0, 0x604e40f3, 0x0, 0x0, 0x0, 0x80}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, @alu={0x7, 0x1f, 0xf, 0xf, 0xf, 0xfffffffe, 0x10}, @ldst={0x2, 0x2, 0x0, 0x7, 0x8, 0x2, 0xffffffffffffffff}], &(0x7f0000000340)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x1, [], r1, 0x5}, 0x48)

10:16:06 executing program 3:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:06 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:06 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000100)={<r3=>0x0, @in={{0x2, 0xfa59}}, 0x5, 0x9af, 0x2, 0x400, 0x5}, &(0x7f0000000040)=0x98)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000001c0)={r3, 0x3f}, 0x8)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r0)

10:16:06 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:06 executing program 3:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:06 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0x8, 0x105000)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000002c0)={0xfffffffffffffffd, 0x7, 0x8000}, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000300)={<r2=>0xffffffff}, 0x111, 0x7}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(r1, &(0x7f0000000380)={0x6, 0x118, 0xfa00, {{0x9, 0x8ed, "502a58c17fe47f2acec0edbb78107481e5a0afe21596d314691b997a967bd9e52d75b8330d447e7c82901b6bb89c913337cef653cc88b7ea23325c36c084f85bfa0ce18192863d5ed19fa992c51452c23eb7687eddd196fb841324cf69f6905fdd7cf7ceba28a01c46a569fc52500787fbf6a6edb052504a5b2e3e83385cbc5cb251a8b74ebf14863da2f66cfb41e69af1c932e8d02f2a19b80afa8e325e468fe3a37050d39dc0fc19fd2c2ef999f0fc7b579eee5bfcfde967c134d1bffe24eb802a1eed5bf7f183315c0fcb575bc9c53bc61add716e2804c3056e9114f24209ea2c2823fd64095c0739a60bcc05468c1a36cc94a39cd6344d1d0e5010804ad5", 0xf4, 0xffffffffffff0000, 0x1, 0xfe46, 0x80000001, 0x80000001, 0x2, 0x1}, r2}}, 0x120)
socket$pppoe(0x18, 0x1, 0x0)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r3 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x2f2a, 0x40)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f00000004c0)={0x4394, 0x7ff, 0xfffffffffffffffd, 'queue1\x00', 0x80})
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f0000000180)={0x0, 0x0, @ioapic})

10:16:06 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:06 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x20000, 0x0)
getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000180)=0x20, &(0x7f00000001c0)=0x2)
r2 = socket(0xa, 0xe, 0x20)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00')
mount$9p_fd(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='9p\x00', 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB="2c7766646e6fa3dda0b718e0902718e6ac3d5ab85920455e66ea0413530fdab4ba403f3fb92e9f3f5f7df3a1e00f635ea0835cd1373c44477aea81f225120ab41f78bd68f265ee0948449f49f5baf3de359f35783f252d02251443194b634f8934344f26b4a7d8925db571de96e17b08d5793d84d35795eb85d1f0ec6586ca26c7bb9e9dfe7cdc807802dda53ff28406041874fecf77e2f257ff97d31e99043f5745a92a5054db0cf6787bad8e0dc602ea225ad8fda981cbeddfae044e8251f47aa045e019dc559ee0739e72a3d52aad9e61ba0357a536cdfbcd1210d1145975f5589458785d040c286c2136dc1fd49fd940cb951715c5d5ef28e5e191af26be16e2fbdd79ff5d6b7b33b478d91d9a4d75324fbb14e0e6", @ANYRESHEX=r1, @ANYBLOB=',mmap,version=9p2000,loose,afid=0x0000000000000001,\x00'])
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000240)=@add_del={0x2, &(0x7f0000000200)='sit0\x00', 0x101})
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="6d616e676c650000000000000000c100000000000000000000000000000000006100000000000000e00000000000000000000000000000000080891e32000000440000007d87531f85000000000000000000000000000000000000000008"], 0x68)

10:16:06 executing program 3:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:06 executing program 4:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:06 executing program 2:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:06 executing program 3:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:06 executing program 5:
r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, @multicast1}, &(0x7f0000000300)=0x10, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x2f, &(0x7f00000001c0)="ec5838494100e13ab3504a361e658f03f120047aa84c327f44491ba577565752bc20ebb3732ef95702ec0ed9e0cecb893bc379ff6d4a3bf8dd37b3e01b077bd90256a7a18552b677e50e234d0735aa568bb617375e24", 0x56)
chroot(&(0x7f0000000240)='./file0\x00')
r1 = socket$inet(0x2, 0x80000, 0x2)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x6a8280, 0x0)
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000280))
getsockopt(r1, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:06 executing program 3:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:06 executing program 3:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:06 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x1, 0x2000)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x220000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r2, @ANYBLOB="000028bd7000fcdbdf250ca400000c000100080008007206000068000300080007004e2200001400060000000000000000000000000000000000080007004e210000140002006e7230000000000000000000000000000800030004000000140002007465616d5f736c6176655f3000000000080004000800000008000500e000000208000600000000001400020008000800ff000000080003000700000008000500ff0300000800060000000100180001000c000700240000000400000008000200670000000800040001800000240002000800090009000000080004007c46000008000800000100000800090000000000"], 0xf8}, 0x1, 0x0, 0x0, 0xc000}, 0x8004)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:06 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:07 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:07 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000040)={0xffff, 0x7, 0x2, 0x5, 0x6, 0x48, 0xfffffffffffffff8, 0x2, 0x9e7a, 0xffff, 0x101, 0x1})
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:07 executing program 4:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:07 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:07 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0xbcd, 0x80000)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000180)={0x10000, 0x4000})
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:07 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:07 executing program 2:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
close(r0)

10:16:07 executing program 5:
getsockopt(0xffffffffffffffff, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:07 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='\x00', 0xffffffffffffff9c}, 0x10)
ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000240)={0x3, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]})
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000200)={'veth0_to_bond\x00', {0x2, 0x4e24, @multicast1=0xe0000001}})
setsockopt$inet6_tcp_int(r1, 0x6, 0x17, &(0x7f00000001c0)=0xed15, 0x4)
ioctl$sock_proto_private(r1, 0x89e8, &(0x7f0000000280)="ab75313e612ba533ca0672ffbf90dc1b443a69086a2d8b18790047595c75c6375fa35ba238c36fb3801c922650c61450c052429f7d9dad1333c4408e132eafb09ff4c18c3a8b2e0f1c23ee8175d033b887a2eda39370969244b1be18fc2ac3517a278ad77985e5828d4c83c1423834c61cd5e3c5663596b41abed49343a13f3db20e5b262394f4ad832db347b424eef8ef264444bd3fd08afdc867")

10:16:07 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:07 executing program 4:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:07 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:07 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000180)=""/203, &(0x7f0000000000)=0x8d)

10:16:07 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:07 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000040))
getsockopt(r0, 0x0, 0x80000001, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0x452)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f00000001c0), &(0x7f0000000200)=0x4)

10:16:07 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:07 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:08 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x1000000000800)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:08 executing program 4:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:08 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x20000, 0x0)
ioctl$TIOCGPTPEER(r1, 0x5441, 0x7)
getsockopt(r0, 0x0, 0xcf, &(0x7f0000000180)=""/203, &(0x7f0000000000)=0xcb)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001600)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f0000001740)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x3000000}, 0xc, &(0x7f0000001700)={&(0x7f0000001640)={0x88, r2, 0x4, 0x70bd25, 0x25dfdbff, {0x5}, [@IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast1=0xe0000001}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xc8e}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0xa}}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9e}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast1=0xe0000001}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x4000800)
recvmsg(r1, &(0x7f0000001580)={&(0x7f0000000080)=@nfc_llcp, 0x80, &(0x7f00000014c0)=[{&(0x7f0000000100)=""/96, 0x60}, {&(0x7f0000000280)=""/62, 0x3e}, {&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000012c0)=""/153, 0x99}, {&(0x7f0000001380)=""/49, 0x31}, {&(0x7f00000013c0)=""/212, 0xd4}], 0x6, &(0x7f0000001540)=""/53, 0x35, 0x1}, 0x10000)

10:16:08 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:08 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:08 executing program 2:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:08 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x9, 0x200)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x74, 0x0, [0x100, 0x3, 0xfffffffffffffffe, 0x40]})

10:16:08 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:08 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f0000000180)={0x5, {{0x2, 0x4e22, @multicast2=0xe0000002}}, {{0x2, 0x4e24, @rand_addr=0x6}}}, 0x108)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
tee(r0, r0, 0x20, 0x4)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000040)={<r1=>0x0, 0x751, 0x8, 0x43e, 0x5, 0x81}, &(0x7f00000002c0)=0x14)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000300)={r1, 0x3, 0x4, 0x1f, 0x8, 0x3}, 0x14)

10:16:08 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:08 executing program 4:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:08 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000180)=""/203, &(0x7f0000000280)=0xcb)

10:16:08 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:08 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x101000, 0x0)
getsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000001c0)={@dev, @remote, <r2=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0xc)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000005c0)={{{@in6=@mcast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@dev}, 0x0, @in=@local}}, &(0x7f00000006c0)=0xe8)
getresuid(&(0x7f0000000700)=<r5=>0x0, &(0x7f0000000740), &(0x7f0000000780))
sendmsg$nl_xfrm(r1, &(0x7f0000000a80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000a40)={&(0x7f00000007c0)=@newpolicy={0x250, 0x13, 0x200, 0x70bd27, 0x25dfdbfb, {{@in6, @in6=@loopback={0x0, 0x1}, 0x4e22, 0xfffffffffffffe08, 0x4e24, 0x1, 0xa, 0x0, 0x80, 0x11, r2, r3}, {0xffff, 0x8, 0x100, 0x7, 0x3, 0x1000, 0x4, 0xea}, {0x7fff, 0xfff, 0x6, 0x7}, 0x1, 0x6e6bbd, 0x1, 0x0, 0x2}, [@sa={0xe4, 0x6, {{@in=@multicast2=0xe0000002, @in=@multicast2=0xe0000002, 0x4e22, 0xe5df, 0x4e24, 0x4, 0x0, 0xa0, 0x80, 0x3d, r4, r5}, {@in6, 0x4d2, 0x6519d64a1484c33d}, @in6=@ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, {0x2, 0x401, 0xffffffffffffffff, 0x1, 0x81, 0x589, 0x1, 0x80000000000000}, {0x1c2, 0x5, 0x10000, 0x6}, {0x7ff, 0x7, 0x6}, 0x70bd2c, 0x3505, 0xa, 0x4, 0x8, 0xa8}}, @mark={0xc, 0x15, {0x35075c, 0x80000001}}, @sec_ctx={0xa8, 0x8, {0xa1, 0x8, 0x1, 0x8000, 0x99, "c0672263558d5db73d6f610b3e841fb8aec5fda6a1be9ea2ac7519d28ef6e248249a31b628e3861f684967adcce259b59e8b3bc0fbf5714c29fa64cdcb65fb5754f8a18e8df6d5b86c882fbff437151424dbb2dd34bcf2af9468dbaf8d9df71bfd7552fa2d53aad33af1ece100c43bfc5375f3cb3188efb2aacab1ef5985ac20d4eb1d3a832570f14979320a5cafdc191444205e56a4274f9b"}}]}, 0x250}, 0x1, 0x0, 0x0, 0x800}, 0x8040)

10:16:08 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:08 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:09 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x800000000)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f00000002c0)={'erspan0\x00', {0x2, 0x4e21, @loopback=0x7f000001}})
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
syz_open_dev$sndseq(&(0x7f0000000280)='/dev/snd/seq\x00', 0x0, 0x200000)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=<r4=>0x0)
lseek(r2, 0x0, 0x1)
read$eventfd(r2, &(0x7f0000000040), 0x8)
timer_settime(r4, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r2, 0xc1105518, &(0x7f0000000140)={{0x0, 0x7, 0x2, 0x1, 'syz0\x00', 0x9}, 0x5, 0x10000000, 0xaaba, r3, 0x5, 0x0, 'syz1\x00', &(0x7f0000000100)=['\x00', '-\x00', "6367726f75705dda6e6f6465766370757365745e2d00", '\x00', '\x00'], 0x1b, [], [0x100000001, 0x8, 0x17, 0x1ff]})
close(r1)

10:16:09 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:09 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x8, 0xce, &(0x7f0000000180)=""/203, &(0x7f0000000040)=0x46d)

10:16:09 executing program 4:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10:16:09 executing program 2:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:09 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:09 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000180)=0xcb)
ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000040))

10:16:09 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:09 executing program 5:
r0 = socket$inet(0x2, 0x0, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x40002, 0x0)
unlinkat(r1, &(0x7f0000000300)='./file0\x00', 0x0)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xff1e)
r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x81, 0xa03)
syz_open_dev$evdev(&(0x7f0000000280)='/dev/input/event#\x00', 0x100, 0x2000)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f0000000440)=0x14)
sendmsg$key(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="0080ff060200001d2bbd70000100df25edad56fe341ac6af8f943e57ea3839e20ab735215f5f8f8e93fe2ca934e96988ec33232718ab7c1200000000b7c100f86cfe6f9ad91a70fed20964a6c14819735546691e2744d509b1d67b6aeaa06dfd7913d2d030f3022d387e32f9ef712be89572a5af7c3b8c96200fb9fc3f8015c00e1cbb25de88c5a750e0e760f87292174f6bd179103b8600cd36eab09059ea29084bc26f2a9ab900aad8928d4787c5d098524a031d4b111466f1223e107b47ebaee06021d64be3198329afc3941ba0b8774fb67ef94bd256741e262ac308689f46a066622a393d4e3e5ef1619148d02e9b9ce21e"], 0x10}, 0x1}, 0xc895)

10:16:09 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:09 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:09 executing program 4:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:09 executing program 5:
getsockopt(0xffffffffffffffff, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={<r0=>0x0, 0x1}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000001c0)={0xb8a, 0x8200, 0x1f, 0x7, r0}, &(0x7f0000000200)=0x10)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vsock\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000280), &(0x7f00000002c0)=0x4)

10:16:09 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:09 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:09 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:12 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80004)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:12 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt(r0, 0x9, 0x0, &(0x7f0000000180)="20a0076cda92be0f6345dff57db3d0cac781271deae80554d9e91e66205218013c7a2db9951588bda24b3e98267b4f9087d7e981b56e2138c355d4043268ef830c896fb1bc845443da7318d17c35b54b09a1e5ab313a1dfe760ec764dc35718f65154f1c3e5d900a0b3bd3fc9d9a68379364677766288b", 0x77)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:12 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:12 executing program 4:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:12 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:12 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:12 executing program 2:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:12 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:12 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:12 executing program 5:
r0 = socket$inet(0x2, 0x3, 0xffffffffffffffff)
setsockopt$sock_void(r0, 0x1, 0x3f, 0x0, 0x0)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:12 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000000100)={"e33913e7b647a6c75be82efb32a69c68cae1e7871a1acb10b5125ac507dff8addcf7ca8811bc652ef708b02e2bcabc7392527757d4172d2d4f4cda774aff66cd02fcf072bd3e1b5a6e812168692ca3184ed1fdb85c03c779ec26762ba9b98e4f550565d50491a8df20ed525e9b425e00633356a60a1d75ca2124d96db08da9373c78d0a4bf9650b80a6525cbed3d6ba08640313f90688e06b4af57559552be84e5c74890f63aecb638a784cfb89b842ce8a6e45040fa03cad4fc51d2f93b288ac5de9928679d8729426cde6aab7797076d83d0fdf09b2753b28d668cd2f0a4c0ffe88ae57aaf5c25ddb2859eeca98d039a9eaddd0e283ceeb8e850663a580b4382984f15a220d83fb3667d10672dd11217c4ef5627d997c3a9208ea02142de4c691548f9849cc27baac9f082f9c048def24f1dcb16d5f4999b328c3eefd0302fcb114eb84caaa7ce88c972f97e758c57345caedb7082cefe6f0a741921033391499e274090f54a941dd6e94e4119f21bddd0cfc2a4ae61fbb5795f8c06ecd28cb4627bac4b78347eeb2f807666d59a44e3ad6f7411521e1535ac4c052e985414a9acea0aeccaad3145d068ec168145d15847d495d1a6b7665986f0e253ed77a83ec2d97620805d9e6564e4472ae4076ce2d3015c0cead259fbe34eaf9135020c087c99164aa2c4c0528c597fbbb3c57c2e43160893925ef917b57b0c97cf830a8b6b802879037fb82d057f37403e8fb462b43d6a9fc67475dfd6e1665850f557d23514a53b7a3a4134f88f5ff833956d47e81157c8dc75b52320361106d3f0cf6a1800a4657daeefffa6cf873d4e24cd9bb6661cb281cfbc110055867b0eed70914844642317492ae79e05a7c0bd6bfd723126415b5b05ffa7779cf02d3ac7ce12a758e07f09dd590465a88a57c26065df2cb94fc379a583cac6a6ca76cca39c40d4202cb32dad8c975615b632d2b1a2e5a664460db3439957bbfc11a5a4d09ad6bd1cd9267985d754ace48b25b1eddbdc9469e494964b7fc23ed294d4d31b43e5b278c0f35da2ddbe21ae3cecfdd6894c3abc2a7fd9a9796faae1eed27937ab4477d40d437f4996a19c8534a81bfb6cb06fbcc1237dce54b47fd7797268c95492fbdca50826efb7e1be408ddeef5763daa333044062cdeccf9a84624f9cf39555d2cd8c0624015367a9be23ba93d78b6e17f50ecda16c66d7500c0adf4892a665ebcb093c8ac082228e10bcb44d200535819e6b3ebbdaf34a753e26e99e0ad513bb2baade1ed7b0c998fa96b17618b91e2f736fb673a3798c90a3975b88f22b762ee406fa6b482d4d3cc0253f0224d7f9efb090af822c1c960b6f36b96563fa400ce7f43c58486170400a3e2b98c0ad6aa680c08888753b50b338ea78f73ea23d5741b55cc81537ae43b5386a6e18fff1542789131272d88a0b26ddd440117f"})
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)
ioctl$EVIOCGEFFECTS(r2, 0x80044584, &(0x7f0000000500)=""/4096)

10:16:12 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:12 executing program 5:
r0 = socket$inet(0x2, 0x4, 0xffffffffffffffc1)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000040)={<r1=>0x0, 0x80000000}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={r1, 0x5a, &(0x7f00000001c0)}, &(0x7f0000000240)=0x10)
ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f00000001c0)={'lo\x00', 0x80})
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:12 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:12 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}], 0x10)

10:16:12 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:12 executing program 4:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:12 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
recvmsg(r0, &(0x7f0000000300)={&(0x7f0000000180)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000200)=""/90, 0x5a}], 0x1, &(0x7f0000000280)=""/90, 0x5a, 0x400}, 0x40010020)

10:16:12 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:12 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:13 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:13 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:13 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:13 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:13 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:13 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:13 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f0000000100)='./control/file0\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:13 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:13 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:13 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:13 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x408000, 0x0)
sendmsg$nl_netfilter(r1, &(0x7f0000001400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x600}, 0xc, &(0x7f00000013c0)={&(0x7f0000000140)={0x124c, 0xb, 0x3, 0x300, 0x70bd25, 0x25dfdbfe, {0x2, 0x0, 0x4}, [@nested={0xb8, 0x34, [@generic="f5690daa", @generic="4926dae579fc0eebdad5375a7e0c52bd2512f38654d3fad0ffa9006aa14683d11ed4d8ed6463a2205b17e1e67f558de1dc4a9788c927592ea3c33b", @generic="b51f3e54d3a7f8ad13bb9cb330f32563d62c674e43504257efd90d303879f267d255c387ffca65e279a1f93e90add85c1ecff7a7052e024ce0fd550d2b050d0b58d31181dab7c09e0a2e9fc159af86e2f6269b7d525c38c661aa47e93c9d3fb2224d0ff1332039d13a4f011ca48910fba1ce98"]}, @generic="8d00de718a2d9bd579bdba5ea1544b4632b83e0c496c59cf986a479b9c9e3856517e92c95a17ecb94dc05d9aad7a1de067fbbfb58e175e71eeaa4ed2b3af63ece0a00e1943d1fab512c48ff138485d91be68e15f9991d358650d7f966e4e663db365cba96f3c25d44e1362248ab1181788a73ba38f226393412cb49ac72da27a59cb3bf22d66f7297926bb78ade68621484b4ae73f5f78885532a836bea9928e81ebf888f9c39ccffefa779157112c6127f22087d3a4e1ae91ac8502c8323d736dde6e0944919a189f04d24cb4fda1717630991cbd7a4d2e2ae4054884a2315de3dd35159ed57bbe138123030e90baaaa59a37a1b58514d45ded1cc8cdd079bb957422ed88eb949cc8b239f8104dcb4388c5af2126c3980aed78ae0f852b675eb90a424a3327419ae018a17edf4593656140c96a6052870404dcb375a6542d18c60a185034673a7e3528dad8b990f1e5081359a7e0452e738abeed224921d83811a90312cc6c53b454c5edf450ebf66b61d2ddf4c4af523aed70eccefeecd07d35a2b01e5ae415a131a423a3da363feed4f437927a7aaf67266e815fce18b53722e9a44edca86c222d486df15c998f0b8b90d6d25d301d1adb50b79ca44a98803522c32030d40e83f4147ea3d7a11fa2d60ffec9212677196e2ce6af964b856a98cf5e3de0f9af7ba1df04439c5849290af698d2c8cec9a022eaad8a5251e0fc02947344d2edff073b3043df50cd9adf9e0e151c2b18986df9e68230a0157ccd8f68c3042f52c8a515464cbf9160e228fcc338e10c8cd7c87cd73f3cfc32a1cc2cc2eb10539cefc7b6272ac267d97466ea0059196dd9f14a7ad7f7734634037fe6e685e3d57c1ba731451c8e7695670af050b54c7f263cec1f9c608a92894247eaf39c380cb0689ffb4a0a9a481ccc3879f4573f36b856034c7f77d6523e23208fe20e7a63742fc12cb55fb9a72caa73a004483ee0b001d130addfdb40c3d74271573a460e82046b2e3d74424dbc62202870c65343946850b0a9af45d0791c796d11022c30194ff04029a593961d6cceb6e3b79d9c598204ad4916c2ed2fe7cb15027f9195659ec79b997c049c7eb208ef231b47e9b49b90b3c0320c128e4007be0c185aadc5303871cc32362e4286f3fd2985807f7d80f2891b8ed061c2bdc50532d9d7b7874bea49a0db4dccb6dd46666364a09668704db4d3f0f892e1950adb0ceee2050275b9fdb3cf07c011788c449508aba66d860920df55a2badef32015339ae973c1c01d05c01b40cf26eea387b35efc8b93b56d7cafc0b1ef7634934291458ca770378c2b2657316644242b34e98aefc092e8ba8019d8a9db8065bc1da31615ab336555971ea12fc7362e38144f4bfef561bdf1dc1b0c732e1e3a97c2d98f2037583599f5d44c8a7c1068f06da5a37ca6df81765fc28974ac4b558eb85b319446097baf4c1b3b735b7c3a725cecd4ddc2b3807a185335204f34ffe82bb3434c1bf73790a532640aad31301617bdd63a8025df9e64577cc981b4ac1fc35b66667a2ef822d28e5e2a28abecc7bc9e04a1a580286dd5f62b2d9fadb3dfdbd9a8368d9570ac7df8b340c62dc03319f1281afa9e6f6f9f7fe4701d3dde08f5079a38fe6f129c4f6c9fe7039c06f0e34e14a6754b893df444fc177370f21a6573c4b1987b5b6b94a672278b64dd1e949caab26598bab26322999d656ac30a12b9cc606bdb3a19009da84f3e438a560cd3f0963be72084f1f8a834b8097e182bb18757af5d00b93ce7b55590fb56b38c1a19c5d98e5b82186cab9ec9a031f8d37c2007f1d6a1ad2cbf7b30a056bff592019a114447daac5d2cf77b3632beacc99632e35fc61faeb88d9683ddb1542858f10687e08348e83955773583caab9e271ae90654d01520c80aeb12e6ee8263037af903bffc33a66ce8504b5a0f7602ca3b309a074448c30752fbc7ac51b5a202f72191ea2926246db004c5ce06357e3f324cd6e02ad6e13bd1b512b2a430db317b8819b67e629cb7de3c01aac0620c22bc25cc2ec136d2ded092c9ce50b7597ec9135a1a09c8103e849f0508206eb82b827eb0b4db51b765332a5aafddf7079f1b6573cdf1e45bf8563f622e3163a089a7bc6457fc0425450c39775aa7ac05cc8aad13eb64ca7c69fc98a5cbc48f9944d1a6c036101a87a86f9e12e2edcc65e15e6be09ad99021c7056857b00612dc98a9164545a99c72cafe5bbeb2656bd3fb159428441db8fbcac400c5a117491701e8123edf161c3dbc86dff446ebba1943cb978fe5d54775e2517e975e3c7d3bbf350f3f0c3bac7fc2a75cacc89582d2ee9e18f24e87be60173d724afbac3ae15546433d8922b9cb56d1bab1f7fe1c4d3c166ccdfbc0c93b39b79a37c65fc3f33798e20348aea1342a150965ac96881eaa275ecb4d562f0bc909fe3176812f923327ffa1f08ab64508f1c56532c95487aa549d794e244af03749a347978de5ed0f395363e3e08d34c7983d42ff342247ee9e4e32afe039f9694223ace84dc21278903c468e46d05f23db232309a8e32436ef830c58f1c37daa420c037ca6f7de1faebed6bbd5f291be6f55a79a3b5c1fb0893f512d652e8d6a723213c7307e9785836d448544d7f4e3801990c1f8cad5311aaeebcc3b9834aa6724a89477e48e9563d38865878274345e821fed1d31103c59475387e7e709acb92392df87414c69218278b96d3676eeadc04ffc50d492d35bcd24c1d20af320ce063e7ba29c4467251cc09d11e0914524ca812549c3c76e319ca2ff7b550d1d7b6163742399525adac2660f951a365ec5d0aa822c23328a54b8eaca16af23f50cb7946c674894baf62a7da3240686c1ec5c56ebc8691768985309e2457d44130399e70362414504146a7df3e5b317cafb0bf2fca0a640dc8ceb565056560ee4c2e02b4477610fa6b59f38e8a9a928b0d49dbce174ae96fa85218bc8a030ebe7fed283d8fedce6c76ced974e318b749aa4ea8dbb74364a21339658a850c140f07b25e55550920fa7d8dae4fce6c241a44879079661ddc5ec00436e61f6a949799db5332500facab9539e8cfd2359b2080777d6f74a5a3c61fe49c7967169003bee7262674568d57be59aac3bde0fc77900c24c2a36bbe010feb40295e586c2e3c4bb28bda28482fc7d70a8ddacfb17b479272af8f7f688f172cd10edcdf63273d010cc57bd0d7978cd92420c84e205f4b0beae9289b584aa26c4263d6c5f3f3e5c2322b5afbca1b04a9b9bb8847aa85a1c68467e8c80eb6c63dfb7d423f17d20c82c82732c33d967dc2ddbe1069c5e00a92813f599ff0b63442eee5d3399e072541c3549c761bdd04de9056c55d4f7832541d2b8fb45cb84159f9c77872bf4b7be50d2da7d86afda5d79249e79afe41c139f2e8d3974c8fe2be532d5bf646d84b04cf6ad8d40fd73aad7ff44548768b9ce444f6f821faa53f9a4cbf22bb1c4243a1b3f0675e1e0bfcf42cf0c6d664c80557f345b311b9af029d166e8d413ba2e9ea957c40ec45043e4861a891859bb2166e4a945efb3c1db43d1f78fc5b6a7d0d80c07b13a435faa74eb867e2444e4df34200c1c2b4fe0d446f25314167803d3fbee3a502fce1ca9c7e761371efea56308de496b78762bd24cec9a170e919823bc80dd6917dfdbc62fc9ef4dee594f43f173afae975ebd2e20c6f8f19029926ab73d947b3d2eb9028ec1d11263b95bccceaa08fdb3dfca552457cc4be99ae7fb1c0c4534f9404adfef9292812b9ff5f0c2b04c7380bd623bc5b3ca7af58894a7fd3fe4a6ef481b7d9e64cedc7ee81542216c2e6b5b243a8295369f9f743f6f668c511d4d4b68e6174090f3fd7ea04b680fc7d6b33dc002135527eb20cdae56c8a63ad584ed40c273ca0dcd4dab16b703a8a63fb8a1d3b1518653e8103361d358d6990aa940ba6d147ad0ce1be977beae48ae04510c76a55df33b81f8e7257fd3529787528501cbc66ff32e3124def203964818700b0fde1b5ec97d47bde0e16a1f309bebf0fb73a943f5ca47122546124be679d4609fd14d9340b7bd4421cd1f53bdca6cbb10d78bc063d27dd4951e422966d01e30c1d8e0c6b4ff3e72a3f7b8f0f160b7ba548f15f0c00f50c691f50464638bd2b5e5adaebea767b672a9c0be1d442479a65a253e69a195d11653883ed010357ea6fbab60ac8dc101765e5a695e56b6f5cd19f5886c9aa2f4746cc394a85e0a189316edfcb6dd087a29725709b9e2a1533aec9b5f8c79c664d0b1cb6a68d4c70ef9b53fed58fde38db2189a68509f54cdf89f465b2886973c989b1aa19d26098cc9eb0d66b946c2f9ccae9cf8ca87b57a32ec3674a0c347ef5e33a5d45386f2b96d1ff1f497d5db0244df0d90aded0d26355c53c3a1785395a17901474ec9758b9fb1d7b67a3a858ffdb9f61f1f5298b318bf49453819bedc012800014060daf5bc9be51d7d1377e9f5d7691a3063b600ec4c6aa0c728eb1d3d1807ff96395dd92ee527dc028bd71ee15fb5b28442cca2b190abdc77aef5550fc1ecb131cdf2bbd763884605629225fba8be407c658b72ac5ffd3a217e9f25bbd12b291366536ad5976f19df38e68b8f5c68e0a1ee930358def6dc8f495e341a1e6319ba065522119d28611357f4bbec6459c8aa4c7ab7571533de5227d96175c75abbd57e0aaff13321dc92c7260c7c0702a6f3ba7454f5b0024ef6ac4440991817abc0a03bf33a35ff8b9b8be3159db5fc4b0f280bdff93092bb0165238618fce2b536eca6aefae6add916898886f674d2d8e15873b6450cc5528648566e07bb683ecd23a3a429bd1d3d81ba11a60181fc5398c8b25ff687615410ab459cc7e7dbff6249d3c210ca67c8694570a9fe1f82263032254dd4a28e6ad1cdd3ea4328710099fe172c4282de3f1d2f6b3977dce1406efb3aaeccaeee48a9d8df66bb19ebe7a74d83bb338440c4ee21bc12c8b38a1b1b731e0ebf65ad5fd9ef88ac1d8560cd432cc049e9068cb484f6ffd1dddadc815ede7ffb7c36dc9202a9280b0e75a229d8dfca21b20275df6b132950c0d031b8118c73d8c9e6bb8e7634bc9a793f9caa05fdd3076be2acb92cff276db3f021d08d61f375dfd5958c0562f0b3c7691f6420d6370595391eebb9e4f2d59fb26432558ab99f4e4042d560adc6202211156fffeae53ca153727f994942231da3b432c6839ed6905f32bd01c9a970daa7564fda8a811f7ee77cf92aecae897bd47888ed6f70091e638d0940bdda11230066d1efa5bdc4ffab5808a5565cd0a33a47915231b12fec8cc81759db0b6c6278de22a048f1f74ab1cb6c5b21c1d53e25331c4a5d4d6f089e2508edda3efa2acfb32054784d4df3e641b0ebb10d6a0bd238e50f0fcf72da95e30462794c0f92ca8b0e4e5199565e057ce1f495cf23b4cdb61e8e64527680af3d975d0b39e522ebfa451f65f6497038009ac65dc04cf6e11f3e9898012ce661bf3c038a33418c170adcd6e28405120837a9e3fa1ddc182031cab09b8e8e1bc81770129346689cf96e39b1603aabd2701dd49c86b9422824b7092a733fdaeda4a2692bdd8adc3b344e74d30177d80b90ebce49e4de4725d6f36577e66a7a5011a37e5e4d72c6855e8aaf74941e6af0cb3da493c944d085f5d84829635c02d0c5fedf51fbc5648c0c7915b4f6d5dbed0ac949d16b820dee5ecb77ea52a8e87fac06dc17a0bd89bd192596651e1f5e3970678e4d5d833c19adf6e35379c521ef8250137dbe9b51927dd3d1e4263c11f4b8d40034ceb2c3ec740bfa09890065054d4d", @typed={0x100, 0x8e, @binary="c1742bb81a1d0198ac0715b93d73b5ae1d98da894f0aded157af636a59e1ea3272164432025c111b699969ba55de013bef9a39520c062c52bb4a0aaa7bbc409190a882833be30639cdb27fc5253803928dfe940959203382c5cebd06fd7babbd9a5dce68524b3ecd5d04dcd6c77656aea11cf1303998a5b0453a133caeebffb36efc5d6351221279ea91e0392e336cab32a19d5159ea66e19b65d8330ea0fd5642449728931ee207413f3f9852cd663b1fc7cb127bdb5cb444ada6026b7226d0fba530c8c62a395e35a11306d5283ec1c779a84c276ea63d807ee689103dc5cd488af66ad98f3f8bd90e26029556299ebdd02ddc3f3a143bca96ab"}, @generic="4a17d1b9a9477ba93ab071bcffbbb980282420c96105f71448d14ccd5b8d068b679cefcd838b97ba16b0093dbe733acbbc7f157779bd7f12efdca677e8bb53ac3d06b8d08fce2130baf908dad96efcf23df0ce28068dbc2005f23413d2e5bc6ea83c9227c4f1c9a51714a20367550829610d7cd660599c93d856d739dbbf5bcc"]}, 0x124c}, 0x1}, 0x4)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r2)

10:16:13 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:13 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:13 executing program 5:
r0 = dup(0xffffffffffffffff)
openat$cgroup_ro(r0, &(0x7f0000000540)='memory.current\x00', 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x0, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000180)={0x8000, {{0xa, 0x4e24, 0x2890, @empty, 0xd9f}}, 0x1, 0x4, [{{0xa, 0x4e21, 0x200, @remote={0xfe, 0x80, [], 0xbb}, 0x7}}, {{0xa, 0x4e22, 0x2, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0x7}}, {{0xa, 0x4e21, 0x64b, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xc}}, 0x1000}}, {{0xa, 0x4e21, 0x8, @ipv4={[], [0xff, 0xff]}, 0xfffffffffffffff9}}]}, 0x290)
r2 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r2, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
recvfrom$inet6(r1, &(0x7f0000000440)=""/228, 0xe4, 0x20, 0x0, 0x0)

10:16:13 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x0, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:13 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:13 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:13 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:13 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:13 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:13 executing program 5:
r0 = socket$inet(0x2, 0x1, 0x6)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:13 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:13 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:14 executing program 5:
socket$inet(0x2, 0x3, 0x2)

10:16:14 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000000080)})

10:16:14 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000040)={@multicast1=0xe0000001, @loopback=0x7f000001, @broadcast=0xffffffff}, 0xc)

10:16:14 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
accept4$llc(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000100)=0x10, 0x80000)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x9)
close(r1)

10:16:14 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x9, &(0x7f0000000080)="0070c600100000ec23"})

10:16:14 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0x2, &(0x7f0000000080)=""/203, &(0x7f0000000180)=0x24b)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000700)=0xc6, 0x8)
clock_gettime(0x0, &(0x7f0000000280)={<r1=>0x0, <r2=>0x0})
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
syz_mount_image$vfat(&(0x7f0000000240)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x8da, 0x5, &(0x7f0000000600)=[{&(0x7f0000000300)="f7886ff5f3ea73d66998b88970740e50b0249e3df519095b171ff0a0c0dbfccbfe7e7367f31877291fc5fe666a8a362c3863e26448fb7a058e5c89d3e0b2e8abb0f12a316ef72910c6b00c6e6507af8be6e1b10e0700cd335eeaa0f282815e0432d2f3a55cb430f573f97aeb339cdf03d6d445b476fe2c23e3b9e9a306", 0x7d, 0x40}, {&(0x7f0000000380)="2b8efa60489f85a580", 0x9, 0x9}, {&(0x7f00000003c0)="253f0cdfc21ccdd84189fba2383b892f1b22bc8fd4bb013db08a1b01a2eca9c31983489a0647622ada49990b1787aa6f2fedc57317dea12ea8d8e8a9966b", 0x3e, 0x8bd}, {&(0x7f0000000400)="41b25298624192831258e914b1533cb319ced3d07f121da8f78eb40fabc648b081b0302a5507a2956da345c923a61ad165fd35d44e3c76eb5dbf2f8549f4c6bc6bf98d3252f019ef31dc132b97f86b3d90c8873cae5161c02c7e6edcd71318065fec24f3f009fc142ebdeb2e4448f10ba6c08c2e3b6659da74be982f87ab50ab72b451dc9eb89471b5c846d88e93f49f401b51e2430f6232a8b40f6dcd68a3146de1944b199bafb1f81dc983c6b9d239e4a8212b7dd5e28dff2ac7ee0a7020131c4821047d3285f0e9890a838acc", 0xce, 0x1}, {&(0x7f0000000500)="51fa520f348631823bcf41dca46216d3e5ea612f49816a80ea29ebd2b38717c92bb5ce3205e345d712c375a47f041f2f433eedbfde66f4f6356179ab1db488d60e7848f5824b88ae147af9c5c2c7b8f67922569e65de0313c633a50fe2b12d88087d6e2229af05399710b654b77833d7954accc016cdb18a0a071778b807870f11e9a884f73da9ecd23c1d7efe7a2ee6c3dc255489bd806b56a61d490a1546e38f13d545d103863f1e93e0989337c50a25c4d64fce5e326e992063d91be7c2a28cc257d266cfd1a2f0ad83945f1b181de0c183ca26c12c", 0xd7, 0x3ff}], 0x2000, &(0x7f0000000800)=ANY=[@ANYBLOB="75748e0220312c005fe493f8e9563e00006d2c34d1d4160a23eef819a9ba2f16a548ae8d63a3128ed83e430c5e9c000300007140385b3bfa49001f8ffa78dd2c525b3f0fefea51e41d73d4b82a0f49027810a5081782cf7cd64600000000000019b8b0340ffee47b625fdcced3a81a1592a6b188ae7afb699a5ceb135ce657c66e4181b048959e034ca49ac6f6a3ec07ca7f91abd1e522dc16032eea66a7c5cc33354a75d29327db820466f042"])
utimes(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)={{}, {r1, r2/1000+10000}})
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000680), &(0x7f00000006c0)=0x4)

10:16:14 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:14 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0xd, &(0x7f0000000080)="0070c600100000ec2372070229"})

10:16:14 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:14 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:14 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0xf, &(0x7f0000000080)="0070c600100000ec2372070229363b"})

10:16:14 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:14 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:14 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
getsockopt$inet_dccp_buf(r0, 0x21, 0xd, &(0x7f0000000180)=""/127, &(0x7f0000000040)=0x7f)

10:16:14 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:14 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x10, &(0x7f0000000080)="0070c600100000ec2372070229363bd7"})

10:16:14 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:14 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:14 executing program 5:
getsockopt(0xffffffffffffffff, 0x0, 0x20000ce, &(0x7f0000000080)=""/203, &(0x7f0000000040)=0x70)

10:16:15 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
r4 = open(&(0x7f0000000040)='./control\x00', 0x20000, 0x0)
close(r4)

10:16:15 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getpeername(r0, &(0x7f0000000180)=@in6={0x0, 0x0, 0x0, @local}, &(0x7f0000000040)=0x80)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000200)='/dev/snd/pcmC#D#c\x00', 0x3, 0x200001)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x8001)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:15 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='\x00', 0xffffffffffffff9c}, 0x10)
ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000240)={0x3, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]})
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000200)={'veth0_to_bond\x00', {0x2, 0x4e24, @multicast1=0xe0000001}})
setsockopt$inet6_tcp_int(r1, 0x6, 0x17, &(0x7f00000001c0)=0xed15, 0x4)
ioctl$sock_proto_private(r1, 0x89e8, &(0x7f0000000280)="ab75313e612ba533ca0672ffbf90dc1b443a69086a2d8b18790047595c75c6375fa35ba238c36fb3801c922650c61450c052429f7d9dad1333c4408e132eafb09ff4c18c3a8b2e0f1c23ee8175d033b887a2eda39370969244b1be18fc2ac3517a278ad77985e5828d4c83c1423834c61cd5e3c5663596b41abed49343a13f3db20e5b262394f4ad832db347b424eef8ef264444bd3fd08afdc867")

10:16:15 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:15 executing program 5:
r0 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x4, 0x2000)
setsockopt$RDS_GET_MR_FOR_DEST(r0, 0x114, 0x7, &(0x7f0000000980)={@ipx={0x4, 0x6, 0x80000000, "38509a168824", 0x7}, {&(0x7f0000000280)=""/105, 0xfffffead}, &(0x7f0000000300), 0x1a}, 0xa0)
r1 = socket$inet(0x2, 0x3, 0x2)
syz_mount_image$gfs2(&(0x7f0000000400)='gfs2\x00', &(0x7f0000000440)='./file0\x00', 0x3, 0x1, &(0x7f00000005c0)=[{&(0x7f0000000480)="b9889b0d5513510fff5f32d827e29ec1633108abb91cf988a4a0398621d04800389abedcf1f86512aa940f7c1336516f4bfee1bf622b9c6937d322846aa0f5a797669a6064d74137a7e96666a2da6b8189ab1fa60fa104731b384a77be8d59d302a075450ad06af6068b19b3a6dd95f026bcd939c6fb28b179483bf432920109e7df1bd971adc4e2ad797c000b7ad43c318b2c", 0x93, 0x1000}], 0x40, &(0x7f0000000700)=ANY=[@ANYBLOB="070000003d392c6c63d7e27208d71eaa635dc1b1066f636b74803fff985cbacb0ae5953f225d8124a8a46959fd6b1b7f88dfb347ee2c859e09167a13ac6099ce5409403a590fa363f2cb0297d59acae0baa807effbfa2ccd9e0ce40741549fa603dff86d890ce31e193a5eb30c591733283ccaa66b64c80206eb876b745798d7000000000000"])
sendto$inet(r1, &(0x7f0000000180)="99ee06649066d538d5b1fe05c9c5d04f7eeafbe651935fd7ad395027c347195954d2f2ed5064b99c8d1bbec9a1a05e135cc602c088ee837ad895d55bb82cfe3b2aa9c65766cea6b8dae98e8bcd1aa394960a6ec900f4aa6aeea4db3c867b1b9fc562af5725416ff79bc2212cb1ea900a8418d30402c0fbe5de81d8056c8d57bd5236692de1b392546c74c960a394d8a9377c58d8b5e118f6a4c8", 0x9a, 0x20000010, &(0x7f0000000040)={0x2, 0x4e22, @broadcast=0xffffffff}, 0x10)
getsockopt(r0, 0x0, 0x2, &(0x7f0000000600)=""/203, &(0x7f0000000540)=0xcb)
r2 = gettid()
mmap(&(0x7f0000000000/0xf50000)=nil, 0xf50000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f00000002c0)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCSKEYCODE(r3, 0x40084504, &(0x7f0000002ffc))
keyctl$session_to_parent(0x12)
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x1c)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000100)={<r4=>0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x90, 0x0, &(0x7f00000007c0)=[@increfs={0x40046304, 0x4}, @clear_death={0x400c630f, 0x3, 0x3}, @enter_looper={0x630c}, @request_death={0x400c630e, 0x2, 0x382}, @enter_looper={0x630c}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x11, 0x0, 0x0, 0x20, 0x10, &(0x7f0000000080)=[@fda={0x66646185, 0x7, 0x1, 0x16}], &(0x7f00000000c0)=[0x38, 0x28]}, 0xffffffff}}, @acquire_done={0x40106309, r4, 0x1}], 0xf4, 0x0, &(0x7f0000000880)="06287354c198d96d10e6a092721c0eb713ed0ce82eb5da4efe45d0ebe7caa57fb1e6cee4046e49b1d7a0f46f073a3403a9803b016cba2529919a1ba03c6ea280ff3f8bcb5d345db3fa0dff52edee8431653e260cbd10d3241024d08def37f357e5ad033e457e88755c37b3b065c50db2014509957cfaec87ac14c2af49c5674592a9e3ac2162cff66849ea4a1f653281c4b30e34fd3502bb9058a7ee736ee441ad0afbbcf7dc05abf7f83354f58c776bcc9f56b83ae61df52328b32976b0062a111e90f53a2982d78fec671066976d52ba87e43ec02135f19aca1d138c975fc1b4572f004d938e7bcaffc21ad70a1c32b2a6390f"})

[  316.257476] gfs2: invalid mount option: 
[  316.261788] gfs2: can't parse mount arguments
10:16:15 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r6, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})
tkill(r5, 0x1004000000016)

[  316.297736] gfs2: invalid mount option: 
[  316.302055] gfs2: can't parse mount arguments
10:16:15 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:15 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:15 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:15 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:15 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000002c0)='/dev/audio#\x00', 0xfffffffffffffff9, 0xa0100)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='\x00', r0}, 0x10)
r2 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r2, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
setsockopt$inet_group_source_req(r2, 0x0, 0x0, &(0x7f0000000180)={0x400, {{0x2, 0x4e23}}, {{0x2, 0x4e24, @multicast2=0xe0000002}}}, 0x108)
connect$rds(r1, &(0x7f00000003c0)={0x2, 0x4e22, @rand_addr=0x9}, 0x10)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000340)=<r3=>0x0)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000400)=r3)

10:16:15 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r6, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})
tkill(r5, 0x1004000000016)

10:16:15 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:15 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:15 executing program 5:
sigaltstack(&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000180))
r0 = socket$inet(0x2, 0x3, 0x6)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = dup2(r0, r0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, &(0x7f0000000040)=0x1)

10:16:15 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r6, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})
tkill(r5, 0x1004000000016)

10:16:16 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x20})

10:16:16 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2=0xe0000002}, 0x10)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:16 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r5, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000140)={r2, r2})

10:16:16 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:16 executing program 5:
r0 = socket$inet(0x2, 0x15, 0xfffffffffffffffe)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:16 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r5, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000300)=""/183)

10:16:16 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:16 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
socketpair(0x13, 0x80002, 0xffffffffffffffff, &(0x7f0000000500)={<r1=>0xffffffffffffffff})
ioctl$PPPIOCSFLAGS(r1, 0x40047459, &(0x7f0000000540))
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:16 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:16 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:16 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r5, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))

10:16:16 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:16 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
fsync(r0)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000180)=0xcb)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x40000, 0x0)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000040), &(0x7f00000001c0)=0x18)
getpeername$packet(r1, &(0x7f0000000200)={0x0, 0x0, <r2=>0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000240)=0x14)
ioctl$sock_ifreq(r0, 0x89b5, &(0x7f0000000280)={'veth0_to_bridge\x00', @ifru_addrs=@xdp={0x2c, 0x5, r2, 0x3b}})

10:16:16 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:16 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00')
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x80006, 0x0)
getpeername$inet6(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, @remote}, &(0x7f0000000200)=0x1c)
ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
sendfile(r1, r0, &(0x7f0000301ff8)=0xd00, 0xffffffff)
r3 = socket$inet(0x2, 0x3, 0x2)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x40002, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f0000000180)=0x7, 0x4)
getsockopt(r3, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:16 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0x99df, 0x2100)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control\x00', 0xfffffffffffffffc)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f00000002c0)={0x13, 0x0, &(0x7f0000000280)})
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
getsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000040)={<r5=>0x0, 0xfa2, 0x2, 0xffffffff}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000140)={r5, @in6={{0xa, 0x4e22, 0xfffffffffffffa8d, @empty, 0x65}}, [0x9, 0x0, 0x6, 0xfffffffffffffff9, 0x800, 0x100000000, 0x5, 0x9, 0x5, 0x400, 0x401, 0x1, 0x0, 0x7fffffff, 0x7]}, &(0x7f0000000240)=0x100)
setsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000300)={0x7e3, 0x6, 0x2, 0x5, 0x28d7, 0x0, 0x400, 0x4, 0x9b, 0x1, 0x3}, 0xb)

10:16:17 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r5, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)
lseek(r4, 0x0, 0x1)

10:16:17 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x7ffffffffffffd)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x181000, 0x0)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e23, 0x3, @local={0xfe, 0x80, [], 0xaa}, 0x66}, 0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000280)={@mcast1={0xff, 0x1, [], 0x1}, 0x4, 0x0, 0x2, 0x1, 0x2, 0xfffffffeffffffff, 0x80000000}, 0x20)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000180), &(0x7f0000000040)=0x68)
getsockopt(r1, 0x0, 0xce, &(0x7f0000000400)=""/203, &(0x7f00000003c0)=0xf09bf744e27bcf41)

10:16:17 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:17 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x8000000a)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:17 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c40cbaeed3b00009fb10d8f9088d884bd46b49837a5ad4a1c001e2448a399ef6a81de80a02e7dab8b23725fa3779aa5ad13bd1978680f3981d153", @ANYRES16=r4, @ANYBLOB="000327bd700000000000000000000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40)

10:16:17 executing program 6:
r0 = socket$inet6(0xa, 0xf, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa, 0xfffffffffffffff6})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x2}, {}, @time=@time={0x77359400}}], 0x4ff4effe00be6e26)
mbind(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000100)=0x7f, 0x6, 0x2)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2})
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:17 executing program 5:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x1f, &(0x7f0000000180)={<r1=>0x0, @in={{0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x6, 0xffff}, &(0x7f0000000240)=0x90)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000280)={0x4000, 0x2, 0x7, 0x101, r1}, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r2, 0x428, 0x70bd27, 0x25dfdbfc, {0x5}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffffffffffc8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4010)
r3 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r3, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0xdf)

10:16:17 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
socket$unix(0x1, 0x0, 0x0)

10:16:17 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')

10:16:17 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x40000000000)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = socket$inet(0x2, 0x6, 0x9)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000040)={'IDLETIMER\x00'}, &(0x7f0000000100)=0x1e)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x30)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x34, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r2)

10:16:17 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000180)=0x4)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:17 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:17 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:18 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:18 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))

10:16:18 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:18 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:18 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000180)={'filter\x00', 0x8d, "4896fcfa32bb281be2df07d36e8cfaa37e90f1370329bde14a962167a1a77ffac31528531832855fc0f8bd76689c3dc1d9152c74874dccef2f4f81d19201fd2ed9813b311aa0c2f9c3e35f2adc7eeb1109fc894dfbdd833abeb0355ab5fb1f11f4f97b96f0575ad8e726515acaea54a43ec9c0a36fbd97315245a8e9467d47dbe4cdf7bc92f4b306b62f11d9bf"}, &(0x7f0000000040)=0xb1)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
accept4$inet(r0, &(0x7f0000000240)={0x0, 0x0, @multicast2}, &(0x7f0000000280)=0x10, 0x80000)

10:16:18 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:18 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:18 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)
gettid()

10:16:18 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:18 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={0xffffffffffffff9c, 0x50, &(0x7f0000000180)={0x0, <r1=>0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000280)=r1, 0x4)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240)='/dev/rfkill\x00', 0x301083, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000300)=<r3=>0x0)
ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f00000002c0)=r3)

10:16:18 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f00000003c0)=[{0x1, 0x0, 0x0, 0x7fff, @time, {0x7}, {0x0, 0x4}, @time=@time={0x77359400}}], 0x30)

10:16:18 executing program 5:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40040, 0x0)
mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x97)
r1 = socket$inet(0x2, 0x80005, 0x7ffffffb)
getsockopt(r1, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:18 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)

10:16:18 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:18 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x9, 0xd0, &(0x7f0000000080)=""/203, &(0x7f0000000040)=0xcb)

10:16:18 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:19 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:19 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0xc0000)
ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000200)={0x17, 0xe9, &(0x7f0000000100)="5737a02a2bf916aafc0fde9a1f311ba6dc5bce6928f44b69c687f6e5eecb740771f63b48b8009064b7a0d4ecb76aab0720d88cd5e93848a75f95a19887dd248c9c736ca0a618f2e7896b6db44981b3cb17c64982e4a613fc50e307c4d55f04db3656e4288f44aebac0df6120f6e5ca666f400ec1d6b9df16a5b4728d953704ed1754a7d3820b88754911618104072247ddcbdf1d008d469e8629110098f51c2245cea0783bff1c3c47eb70572ca052ba5c64fb1bb21c6d657ef851f66cff29c00015a04e6bc524a8cf76ac86028511b1cc7572d3e084af7171223ac0e6afa84a3ebb9e7db0f4d3e407"})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
pwrite64(r0, &(0x7f0000000240)="03e015ed983da7adbd6a6f104c1af5301016f1a96168bb1db3b87d125d04f1d23d44eed91fe07d026b86a44249863985a501dec8ae4979e168744a3d0105dab83abed113a8b5c6dbf8bcc68a1ecdfa8c419fe05770259579ce7b6d2b0cf24b3e3c6727fe7ae163b5825bda34789b3ff10ed8198547ee62903a79e95a950d532b0669a76f0449cc1f5ea3583cac599bc51b7fb37bd61c9092f86fda2d8da8a14da9a3c08630e95f3bbe605ae3239e7793d428ba699ce748c355313c31133cc0881f7cc5dc015aefdcb926fea60fb6cfaa2d3051d475c1bad806cc58167e6c1e336b4d34d8fab9367589720885e55dafe173570a116eaffa3da051d9445edc3f36bf7329a6371368a6e404fae22e616d003a372a3d62380958d1e341bb9156aa29686d3aca97810e4954d584048879fb92175ee7aec370b61a6559381c58b04defad260e304c9664ca19146cd0487c97a81a2cbac043befdf2e66c14f8725698f7a368ef13164faa1e853264c462ac1c76385211230e597b83e69e02b690470467e55a41df0c3ed4515caf815b50d0560b2c96ce5f0fd835848a09aa7915382f84fd6327131177b517701dfb77a0f94947669c8a49f19d9da9bd722b72a96d215c3ae7250a4ca3ab1e225a0c7387f8654fcdce3686bb637be6c2848c6de71d77a5640d47f688e84e4f0f0ab9706a2640a03ff3c27de95c3b3a7cabbae550c57aaf6fb9f5903a80b09232bc741e12fe557b35dcb07091a86b944736be56472a7c1f1da89da835b42f7657faa341d032a415ee8d160940430711ce6587517afb4cdb16c7d059d0fd309cca0da476d8f72dfde4810a15b5e89bf4d6532c860498e39a892f1953fdea6bbb5c557c60126787a80d9511517cd26d5ed60244c1c9547f5abb262b30048c5ce7098be14b3dcacda969c323f029861f3cc5a7ec83602a8990c9feaa7714d6b42e405194c9470fc57124deba9738a7f18392dd480769eb3885ae8d9a052a5553200597a6a30de85e2f35536d6df9ae34e6970cb4a181db246cb8753d3acf8882d9891bc139c782e2922518891d13187a46beea3847180b73ea440079f3674997f99ad78edd84c8594fd829229177834305c46fed875ad38675f8fab8b1cb818425ba45ddcd0c16d4aa506e7c1269f08c3543b01121aeef660f63226510c377b89184d7ea6dae29dcbf3220d83e09ca3bd0eea3520253182ded700d2842291d8f7ff8d0365be772981ed1b36c7c8c07433c9e9d110eb7bc90ef164860a9d28b1bc1345a07cd3bc4e696b9a3d4eea1baa7c14042a83afb8ab97acf77f46f868d513950327735fff7d3a3bd84beee3512c89b9b5549061fdf0768d913f2d1e7e3c576b6f6a2aab3866270d7c0b1a95ea6d83abe074e37eb1150448a77337aabcdff909519670472d7e6500386d44d13050c0de33494d672f606e0f54c2b9b95c82fea63b961d9406153da86ce496a9004f2546bc649384aa5249337fe346e3423a1655fd0e27580bf2253432e807414476747a947b2c4eb84bc38b7976504fab83f9c40fd207c47ef90a60225a04f6cfeb1353d3ebc3b3229d94c7828b113beb95d6d8d62c16400a89362c9217eb9ea95b2d6b6b7277d856492b6c76f5ca230bb7d9b3741dfe2415bd27f7d2c51a1edd99de927bbac82c887a0fc5d89fca5ecd15671cfe4b9803128889dfcda8da9582281278c7db87ccee3925cd3d7d7bbd8a0cd24f017b55c6ea78714feeb646ea354419c79fbb86bfe33e11e9603f1b535ba8de2c6a0528b01b8bbba08ad685c00cb0ac537829cc72ffc68b04eadfee823c8334d5e77fddbe637682abfb0e46342864cc2c7acc0cbc478e6016721d474bfe424f7ec126a5721a9d55ae7a46b2d1d6909397114726450a42cdbc8816950fc9720f0626b807a47ce16e15141b5791d75fffd8678443888bbd9d4a67c19089904f84c0ccc1c40038c79b2769ab9289702be21dd7bea1c37871e8b5d82d2493b6eba6d1b93843494590fe3244381c692bdf0c14b49638dd1a76b35a2e23d1518a66a21c012285aaba547d31d36c8057027a2451521e70c985e16f8ab241cb6c7e8a17af7c3d8a0ef660163103f5364c31cdd6bc202266c18ff979d5d5f9536f9be1675f781c8f330e5c99ac16bf2926fdc7cce256eda4d15bb328a32fc1defea51045bf7afb79bbf02a026350c9b33fbec63cea2a87e1dbbeda0413eb182cb4608fd03b86a57745127e9bec218ca331a981fe3ff3a4a556872ed5fd21a1e16fa1df99f52d918e53c37f42f629dce7d5509a50425f741f2704dae0c2e7cdc4b424c5f63b7e751849adc9560a2f0e6a90c8b596313560466e62820b0b0aa09ee4b38671ef2c0f06bdc5adb61badef7e791a2b664b4ce5870b85192c77b8a487c7ed15931be6bc5aa7d624e6e5b4332aa13cadba75f7d4d5b8485f1bffbce4a87bece952fa8d686e8b52cc1df1a29de064b7abe58311f415e05821cc8d26ce1841f40b815aca1e468c8eb7e14c9ae00821096a83d31a303917bd0e12724bd11de63c64e4cb3deef0b769d592f65bfa676116c7991d8af2c867f515f73fd0dc874d4c81154e65804ecc442029e2da21f251f88a477fe71d556a7324580c1b3cd00eea87be58351c54c0d242cf60d3a771fe104e23021eea048e2a5e843dc6086f2458957037c23d32729d8786dbd13e01fd28e0f270f78b216fd81ddfd817765a68e318345767dad2510bc8207551bd727575572d9326524410f0835a4e2242ff47fb29319cf35489f3ecf33e408310465f17ecfe0aa02a44e665636f4ea744bccae0b17e7747bbe51e7fd37685ab5f6e1897def73aa93f3be6fd3b71f62ed72197506e7daecb653d5b81565410c543374411002035e0f2fb60f342121f707c419287bb868505afeaf36c2a4ff5eedc28206060b636e9aeb876a8c96045381766d5eb3e67154b1501bec80b56fb350718b90b133d3560dc51deb5bdf5ffdc2d919e436fe9bf8c664053b71cd06ecb3463ddd6a76a0535e9fda0740af5ef22a296171e660d9e0d98a604a82cb1d50789381dfa857faacfa408e15c91ab61f3fdf2727d092c89166ec043ee73fa0154caa7f3ead15837fc0d31697fe1b54217332d24550f5c5b24b4a607804379741b0a184fd25b6b8101127b9ededdc6260e57c46b251e186c8fb873e2afcb6d9e5d11e5857076f2b3e78e2a47907ade71264a3421af19be2339bfecf184b3472fd59d503bb2b6b9ca845260c274adce0cc55d1b1459b41c06f24baad185da27d6529b1d8e3042318e69eb5823428819fcda87581509c35b43af482a0b42c6cb02d3288c2e71c0b1890950f569d094988dc94d491cc48c7e0753b758d086a6fa90efe44e9b08c73303ffb57dfd61d99f2c4fd92aa032cb7297f426a1678606f141e99a13bcdea7738890c6009b1a9f6c82a18ec6849f0fc3e53b0e605d1176847593e65ffafcc47903967bc943783670054e34d9827ba9299d4440ce13ac4f4298f989314d7278117b353932d05604714f7c7a3e70d552932dbe4395192665b997640044fd5c179f0ff7a1285c008f938504a78ad8adb4ce6a9eb9ef360fb0f0203ea8bfa988ccace4757dc0dd74def16962d4d54b54f453bd2f1e464db5a2fe511d0bac32f157bebc3137321044e528df2b0f55fe4fbec9794a4ef9d7f6c90dc55c489fefe400fe0472db3f2746c4bcf9da04bfdc8cff7f8cee46bc76b024b56dd0f0916a1ce4c25f0a5f185c22a8c66b0d2176d6568f5c48a3daa8ea27a1cf8e0868098b00f9025c36acad5a30f65c3969406ffeeb35ccbeada274c8a6719a9199ca47d1a7dc4534b18cdd260b176660a32584a35ae6840579e6cf706048a53b49a202b029e5be5f7741f1421e923e754b8fa04fa370162f13eb3deafd17e978c8b4982906550d52c1c724e1bac1d7ad955672c1f67890a57ec7f506cffa90f84facab65a9f5ecba77c0236f17c50317635bdd14b8d517d1992b855110fe531c738b14b796c07554cfaaad251b7bd8fca8e176d15119c43e74a529d1dbb27375f10094d6753262a0f764968a52d54a340f807a3f09a22427b45fdcb3da8de492972a40729346c9f3df4f0921248e318abaec04fb2e38fbb4aab530ae365a7f19062aafb718880db623fbfdfb6231aeaa05508d035e6c3ca1a460b7e0110c093f61e56ee1cfacbec60fa30c556d3eff53eee2d71c6e15e3a8ec0a6d63cd05a84644f1c08d6a9dea73baf7e42149ff74e5146442357bac7da28618a987591fe4180f5f3c7ef71708b6e51476587a599a8b079f392738ca4a3851321436584f476b93f5417f967f8c2711480b6d4d400fdf2d292f171ed393310b45d3dfae5a6dfca094a94f9cda405d0adbfbeb65924dcf96b1fbfa1a39ee339864b3d39ac5133d0cfdded2f8e029bbef9d012a617f37882d7be9429b33acf16ae69a964b430578dccf39f30ba68699a5852d5192dbf747676c75a566e6f3e912259cbed412df5e96671f0642ece52cfbdcc575935f29aa286c18ef65d1f148051dd3f4b46006fae2a53061144c60af8cd387fea4ddf5e33411c1fbe13f29ad0ccc29cc8a22acc044705ce3f13064ee080466801c8370b577bbc8171cc6d69e5e63d20bd3198d7d5d1dff433e7df8b45f2372ea7db5594d687f5e27b4b3d5a65969ed2cca14eb34555f60d1037e0efbb53e581f5dceaffa911898ac661a74f61de0b86bb5e27b59713fd958fccd331a82fc87f271dccfa98c40e44ccfa2f9544848b6f8f34f0b16842edaf25f178cbffacd467e956272b8837fcfd54b89959873d4a3d124f2678724c8e1834877fe14c18e45b26b4e5a68d4a9d3e2c823882fc53ad64e4fe5e87ad28c241c65ec4bc383bf5aa83aad1f88300d486010171b69d225be912816d52aaabd428e21d882f8bc9ba826d9fe94168b5ce44a13387424ff5987628c99608d1d84946532ab32f8ec15ed4e4abbad57ac596b7b2cfce50f9338a29cda8bac76d02762e09f1a8d0a8a5c5f344d71b392cdda214daf6b2f9d15071383e686e4bb32c7511dc47389d55965bf4a6bb968da172c6bdee6e726eb0622a22524f604e4ec51a6033a409e2fedf212026b2ad78fbdb37544f57a6fb9333c83e11255f4df08b8bfdb63c869ee68ce9131529dda12a5bd5613cc994fede20f03aebdecde06bdd4ff5644c7b0b6d08f41e11124c194a053dff066dbb9095aa55df40cc94afb0d7df960cd1870830bb1164bd09db57f2cce863e46542fe4284792e57d5dea1c761ed0315039c30af6d35010105f9ef2a6940fddc1ced9eddf5731e379df7770e5b55fffe099d229aa2cbb2a4e73e0d7f9932a0b5c2694451e88d4c1612a0a43cecb6fae580219e0dc58ae45fc0435c4e2f906d8c2906282186e4103a4447ca6380e4b359a101abc70acf5b851ec6a18dd04c3424cee1096a17332397d0889ad4a64106d0f5bc52eef6ca2beb895bb8ca0b468b2da00deec93bffde52bf8a834adbd06a3c2fe2eceeca616f1967ba35d4e56d0649f397ec34855eb5b464dc22f62168e5981cb95051c4a2e516d5dd76f2f56715570b9cdce9798faf7d38c7e42c479acdccd99e63bf5e297cfd0dc72c74be1cab913b66cc8dbb2aa198aeba439ae07c0d545d3142aa16eb62857e0166d9c35e42bbae5d246efaaa4851277d6b3bb88174855cfe39b7c2509ad31d4384c2ac9a8181378c99754807afb0036eeb3542daf9fe797fa180469211f7e80a24a51073b7fb5736bfc168af9c65cc12ed082258738b155891f2dc0851af2486af", 0x1000, 0x0)
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
tkill(r4, 0x1004000000016)
r5 = syz_genetlink_get_family_id$team(&(0x7f00000012c0)='team\x00')
getsockname$packet(r3, &(0x7f0000001340)={0x0, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000001380)=0x14)
getsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f00000013c0)={@mcast2, <r7=>0x0}, &(0x7f0000001400)=0x14)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000001440)={{{@in6=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@dev}, 0x0, @in=@rand_addr}}, &(0x7f0000001540)=0xe8)
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000001a80)={{{@in, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@broadcast}, 0x0, @in=@broadcast}}, &(0x7f0000001b80)=0xe8)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000001bc0)={'vcan0\x00', <r10=>0x0})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000001c00)={'veth0_to_bridge\x00', <r11=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000001c40)={'vcan0\x00', <r12=>0x0})
recvmmsg(r0, &(0x7f0000003cc0)=[{{&(0x7f0000002000)=@ll={0x0, 0x0, <r13=>0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000002480)=[{&(0x7f0000002080)=""/217, 0xd9}, {&(0x7f0000002180)=""/8, 0x8}, {&(0x7f00000021c0)=""/194, 0xc2}, {&(0x7f00000022c0)=""/247, 0xf7}, {&(0x7f00000023c0)=""/182, 0xb6}], 0x5, &(0x7f0000002500)=""/146, 0x92, 0x5}, 0x2}, {{&(0x7f00000025c0)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000003a00)=[{&(0x7f0000002640)=""/167, 0xa7}, {&(0x7f0000002700)=""/71, 0x47}, {&(0x7f0000002780)=""/7, 0x7}, {&(0x7f00000027c0)=""/4096, 0x1000}, {&(0x7f00000037c0)=""/144, 0x90}, {&(0x7f0000003880)=""/172, 0xac}, {&(0x7f0000003940)=""/5, 0x5}, {&(0x7f0000003980)=""/103, 0x67}], 0x8, &(0x7f0000003a80)=""/201, 0xc9, 0x5}, 0x7}, {{&(0x7f0000003b80)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @local}}}, 0x80, &(0x7f0000003c40)=[{&(0x7f0000003c00)=""/35, 0x23}], 0x1, &(0x7f0000003c80)=""/16, 0x10, 0x240000}}], 0x3, 0x2101, 0x0)
getpeername$packet(r3, &(0x7f0000003d80)={0x0, 0x0, <r14=>0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000003dc0)=0x14)
getsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000003e00)={@multicast2, @broadcast, <r15=>0x0}, &(0x7f0000003e40)=0xc)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000004200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x408}, 0xc, &(0x7f00000041c0)={&(0x7f0000003e80)=ANY=[@ANYBLOB="1c030000", @ANYRES16=r5, @ANYBLOB="01002abd7000fbdbdf250100000008000100", @ANYRES32=r6, @ANYBLOB="0002020040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004004b00000008000600", @ANYRES32=r7, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000000000008000600", @ANYRES32=r8, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040009000000080007000000000040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000800030005000000100004006c6f616462616c616e63650040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b00000008000400ffff000008000600", @ANYRES32=r9, @ANYBLOB="400001002400010071756575655f6964000000000000000000000000000000000000000000000000080003000300000008000400050e000008000600", @ANYRES32=r10, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004003f00000044000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b000000140004000300010607000000000005080300000008000100", @ANYRES32=r11, @ANYBLOB="f80002003c00010024004f5fe90ba57545e16a0100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000", @ANYRES32=r12, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r13, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000100000008000600", @ANYRES32=r14, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r15], 0x31c}, 0x1, 0x0, 0x0, 0x10}, 0x800)
close(r1)

10:16:19 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:19 executing program 5:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x404000, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0xfe, &(0x7f0000000040)="4f0764c256358e0e8778e4a5f5ae5d67e4f6e0348bada99da99c808062c1eaa34f5cf8e91b194be00a1fcbe8f5c1299eb5a2fbfcf5f2dcf1ec659fc102a9669532f2297abb305ad0", 0x48)
socket$inet(0x2, 0x3, 0x2)

10:16:19 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:19 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x1, 0xd95a040000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:19 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:19 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:19 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:19 executing program 5:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x121400, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000001c0))
ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000200)=0x3)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000180), 0x10)
readahead(r0, 0x9, 0x1)
r1 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r1, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:19 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:19 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000016c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0)
setsockopt$packet_int(r1, 0x107, 0x1e, &(0x7f0000001700)=0x2, 0x4)
getsockopt(r0, 0x2, 0xce, &(0x7f0000000080)=""/203, &(0x7f00000001c0)=0x45)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000500), &(0x7f0000000540)=0x4)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)=<r2=>0x0)
ioctl$BLKFLSBUF(r1, 0x1261, &(0x7f0000000580)=0x5)
sendmsg(r1, &(0x7f00000004c0)={&(0x7f0000000200)=@ethernet={0x306, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x10}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000280)="3ec1cb882feb735e4c0c3d1794142f4b38a37530f6fe18d7c7b1bf9bfc7859af8f624b91be1b23ec1d04e7f08cc70949ede6966e0c905585c757b7a81a48c55c84b31b4c580bf3711e88c0952567a966708e113919310417d5ee55e4221286af0e3381e6d15b11f36c5dd478bdaa0298913f12dc33eb462d296ff5e01663fe2f29df63b3a0579dd67cd6b156b2d1cb14c3b3dba4913af806de527b8d0d54d01833c4487e95aac102d2d31429a3484e0b0736615810527007b3", 0xb9}, {&(0x7f0000000340)="bfc086db3ec11e48534e544e8a9d0dd40762381b1aa038c73678a7e4e5e42345e8c85f82784f911ac16e6a6a8d42d14bd95213cdd8ef3489a774fe89be18b973a4bc58fe35f81a7c9dae70ab3680bf1a94f97e98f139c622d5215851d7", 0x5d}, {&(0x7f00000003c0)="3ad34c3dbf4c5f8878894f9a919ae0f0ba4c539222450401e6fa9d5e0afef0bdb20379d51710adaf3dccfc1b17ce6a6c4d6506822dbc3cb83fc8f6f6b490f19feb827fc8b7065e59a92a84f93b23e2bde4170ec0c729ab0b2873c2c3477693", 0x5f}], 0x3, &(0x7f0000000480)=[{0x18, 0x105, 0x80000001, "672722b5"}], 0x18, 0x4000000}, 0x8000)
ptrace$getregs(0xe, r2, 0xffffffffffffff01, &(0x7f0000000180)=""/16)

10:16:19 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:19 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:19 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000700)='/dev/ppp\x00', 0x10000, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@dev}, 0x0, @in=@rand_addr}}, &(0x7f0000000040)=0xe8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'yam0\x00', r2})
ioctl$sock_inet_sctp_SIOCINQ(r1, 0x541b, &(0x7f00000002c0))
ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f0000000340)={0x8d, 0x800})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000780)={'team0\x00', <r3=>0x0})
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000300))
sendmsg$nl_route_sched(r1, &(0x7f0000000900)={&(0x7f0000000740)={0x10}, 0xc, &(0x7f00000008c0)={&(0x7f00000007c0)=@newtfilter={0xdc, 0x2c, 0x313, 0x70bd26, 0x25dfdbfc, {0x0, r3, {0xffff, 0x1}, {0x4, 0xb}, {0x7, 0x2}}, [@TCA_CHAIN={0x8, 0xb, 0x5}, @TCA_RATE={0x8, 0x5, {0xfffffffffffffffc, 0x80000001}}, @TCA_CHAIN={0x8, 0xb, 0xcfe}, @filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0xc, 0x2, [@TCA_BPF_CLASSID={0x8, 0x3, {0x10, 0x10}}]}}, @TCA_RATE={0x8, 0x5, {0x101, 0x2}}, @filter_kind_options=@f_flow={{0xc, 0x1, 'flow\x00'}, {0x68, 0x2, [@TCA_FLOW_MASK={0x8, 0x6, 0x8001}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x2}, @TCA_FLOW_XOR={0x8, 0x7, 0x62}, @TCA_FLOW_XOR={0x8, 0x7}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x100000000}, @TCA_FLOW_KEYS={0x8, 0x1, 0x15eec}, @TCA_FLOW_EMATCHES={0x2c, 0xb, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xb02}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x800}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3f}}]}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x7f}]}}, @TCA_RATE={0x8, 0x5, {0x0, 0x8001}}, @TCA_RATE={0x8, 0x5, {0x3, 0x7f}}]}, 0xdc}, 0x1, 0x0, 0x0, 0x8811}, 0x800)
getsockopt(r1, 0x2, 0x5, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0x21)

10:16:19 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:20 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 5:
socketpair(0xa, 0x80007, 0x80000001, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f00000002c0)=""/182)
r1 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r1, 0xffffffffffffffff, 0x8, &(0x7f0000000080)=""/203, &(0x7f0000000040)=0xcb)
getsockopt(r1, 0x40, 0x9, &(0x7f0000000180)=""/235, &(0x7f0000000000)=0xeb)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000380)={0x23, 0x24, 0x12, 0x13, 0xa, 0x9, 0x5, 0xa5, 0xffffffffffffffff})

10:16:22 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:22 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:22 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 6:
r0 = socket$inet6(0xa, 0x4, 0x1)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
socket$inet6(0xa, 0x807, 0x7)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x40810, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000040), &(0x7f0000000100)=0x4)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
ioctl$fiemap(r2, 0xc020660b, &(0x7f0000000140)={0x3, 0x383df8ac, 0x1, 0x800, 0x1, [{0x1000, 0x6, 0xfffffffffffffffc, 0x0, 0x0, 0x102}]})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ppp\x00', 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)
ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f00000002c0)=0xfffffffffffffffd)
ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000240)={0x3, r2})
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000200)={0x5, 0x1, 0x7, 0x8, 0x2, 0x7fff, 0xc36, 0x2, 0x1, 0xfff})

10:16:22 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:22 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x40002)
socket$rds(0x15, 0x5, 0x0)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000180)=""/203, &(0x7f0000000000)=0xcb)
socket$inet(0x2, 0x80000, 0x0)
write$P9_RLINK(r0, &(0x7f00000000c0)={0x7, 0x47, 0x1}, 0x7)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)

10:16:22 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:22 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:22 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:22 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:22 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xcb, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = dup2(r0, r0)
ioctl$sock_inet_SIOCDELRT(r1, 0x890c, &(0x7f0000000240)={0x8001, {0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e23}, {0x2, 0x4e21}, 0x20, 0x8, 0x7fff, 0x2, 0x3, &(0x7f0000000040)='ip6gre0\x00', 0x8, 0x80000001, 0x20})
r2 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000418f50)={{0x80}, 'port1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000080)={{0x0, 0x1}, {0x80}, 0x0, 0xfffffffffffffffd})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r1, 0x50, &(0x7f0000000180)}, 0x10)

10:16:22 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x2000003, 0x12, r2, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x1f}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000100)={0x7ff, 0x22f8})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f0000000040)={0x2, 0x40, 0x4})
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:22 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:23 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:23 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
fcntl$setstatus(r0, 0x4, 0x4000)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f00000002c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000280)={<r1=>0xffffffff}, 0x3, 0xffffffff, 0x1c, 0x0, @ib={0x1b, 0x0, 0x9, {"22345943be79966b2a540bd2162d82f4"}, 0x7, 0x1f, 0x5}}}, 0xa0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x10, 0xfa00, {&(0x7f0000000240), r1}}, 0x18)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff})
ioctl$FIONREAD(r2, 0x541b, &(0x7f00000003c0))
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000180)=""/112, &(0x7f0000000040)=0x70)
dup(r0)

10:16:23 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:23 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:23 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:23 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:23 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:23 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x1, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000040)=0xcb)

10:16:23 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:23 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:23 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:23 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x13, &(0x7f0000000280)=0x400, 0x4)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = dup(r0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000002c0)={<r2=>0x0, 0x400}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000340)={r2, 0x1}, 0x8)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff})
mknodat(r3, &(0x7f0000000240)='./file0\x00', 0x4, 0x10000)
r4 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xffffffff00000001, 0x82b00)
ioctl$KVM_GET_DEBUGREGS(r4, 0x8080aea1, &(0x7f0000000180))

10:16:23 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:23 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:23 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
gettid()
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:23 executing program 5:
r0 = socket$inet(0x2, 0x800, 0xb34)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000000c0)={<r2=>0xffffffff}, 0x0, 0x8}}, 0x20)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f0000000280)={0x3764, 0x20, [0x5, 0x7, 0x10001, 0x9, 0xfffffffffffffff8, 0xee, 0x40000000, 0x100]})
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000080), r2, 0x0, 0x1, 0x4}}, 0x20)
getsockopt(r0, 0x1, 0x1000000000000ce, &(0x7f0000000180)=""/203, &(0x7f0000000000)=0xcb)

10:16:24 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:24 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:24 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:24 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:24 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0xa0000, 0x0)

10:16:24 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:24 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  325.016222] device bridge_slave_1 left promiscuous mode
[  325.021768] bridge0: port 2(bridge_slave_1) entered disabled state
[  325.040747] device bridge_slave_0 left promiscuous mode
[  325.046310] bridge0: port 1(bridge_slave_0) entered disabled state
10:16:24 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0xa00, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
flock(r1, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000180)={<r2=>0xffffffff}, 0x13f, 0x100b}}, 0x20)
write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000200)={0xf, 0x8, 0xfa00, {r2, 0x7}}, 0x10)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:24 executing program 5:
getsockopt(0xffffffffffffffff, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:24 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getxattr(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)=@known='system.posix_acl_default\x00', &(0x7f00000012c0)=""/132, 0x84)
mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x103001, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000000280))
r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
unlink(&(0x7f0000000140)='./file0\x00')
tkill(r1, 0x1000000000016)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000018c0)={&(0x7f0000001880)='./file1\x00', r2}, 0x10)
r3 = geteuid()
quotactl(0x3f, &(0x7f0000000040)='./file1\x00', r3, &(0x7f00000002c0)="2678ee47ae603bfb167ec5e95200071a5a72b73a487132ebc9245774eae96accc29209f3d85ba09eede5df83f72680802bbcfbdcc2de14ad3117f2b408b67a08e2d199b27cdd5bb728bafa172b5a47002b71e45623286a8bf9303c84f8fee9fabf809f633a7f3f12eb55791aab9035d52274908eef5c323b837b2e455add1fe69b278d2262cf0078f0c4dd23afc49f1f9c86088190f942163d6f171c697fe1433dc17d496d797cff3009d8075c014900f6e99950156b058345a5b8061d73e1bfd9f7e90676745b5895752f3f16b900d34769bc60471b423734ba6e093c222b7b1184c2ac4295972d3e14fc11dad0810c7226fd5429f90cb5ce7d26e107edd9c4fa0f07d59f1283986b1a3f8d8b2fca96a5371fbf0b77104cf40233e80792163eb793a2e7a13b073cf0e06c7542442b8d78755fbfddeb46ae695b47cbf89b61f6f98ae140b06353873b3bf7beb084b6a51900828a42922a8f68b062e4a2b7cf340d298d40cbc18f4ff3c711cffec4ce27e17f897143eec8428ee849f2156385317220ad5931ccbd2b7754853755a49dbc260ae5f2e7aecd656635d809e8bba244c36f692c41d2fdf65588eab4c4f2bbcb504312570f8a0e6793a8d9c815a03c58fd2f6009de79f7f5485c246468aa4b273b19a9084448b16d8230171e09f54b4fefd3492c20387a00f63e311e95bb8eb60f52702e6599e2e9e66811ed3a4743b661510577bbad23bb0c61c745f5395bee6a95a67a4755eabe934839e88913a2779c1669582cd629fb4d3a7ece2023d7e09abb2019c9e974b141c19d6896c38d8382a0ea7aa8d622217184e9b534f7c8ba43d078e5e599096de5244972f63e82dd1d074830eb7d8e400e2e99b4e5a9d129a7c564d6b2fdad59744a3bfcb8699091baeb7362cde38db6276e6c401895e3b1ee6efc6f37457aef426a098eeecfad7f8dc0bc62d04266f51f604d036430bccdb5a8c58d54ab5df626920ce3b3adec7b4cf0a74cd64e9cf9bc0cc385584a765ecd8ebd506611b57b7077a27e428890e64ec93c0bd744c0a1316053c6e3a915e7d6f755d925634fb76f0d5a9b9e77ffcb788c9bdda8e29812f2bf6f6eef8447399ffba21ae2c1306961c468e5b8d7f835e5539c1cefa3ae7f33c2874fa18ae7eae15976b1736e0e5eb6bc44baf14c9fe8645d6763af6016b2c63ed3773818cf00a97ff41374b58cf09f9766f0a20ebcc3c94aa517f86831758824b1d4a2c1d528143cc754a8fbca82434116a047fce889bc4aac0611b9399e39e0c07e40e4f7080719aa504d1392f6116f3964dc7a8bdc3bcfaeadd38bcdb52b3a28b912a474c6800f4afef4fbd2cea68245efba3365c9f743e8904fe3fb51bd37610ba782d5cefad662eb3a9f912be206fed8e8de7ce97e7ae7ef1d243c2dcff6aef723df44b7f034bb23baa5aa27d70a693c8286eed956402396ac2259a44059c21f8d5a424f0f8ae3ab67b64a2cbbcc87850e2bdc456900058094dab679c58628d08f04fe334e8e5ce065a01030af4be19145edd9d6be2a8597e9ee6e059ce8dbda767f03ae3ad58cccfc9149fd1bd72b0dbf7bce3152aef6b0c19771985167dc5c29fefc265970c5ec6de226c5bec10c3be84538713e7e95f32bd2f717bdc21037c41edc8244dd6475f0866a7a60d7485641ce6779a9f19453277034037bfa246e5ba534ceadb3b59347ddf9b2da74ac1ff7948192cec940357c823ce0fc3f372b988c5c0c8e5b1a9a8efc3c6f9bf9341a74381490b96d382fcfc855b99a4e47176ecc8f6a577bea1f3497137f98d8849cc6d05fd177ad978c66209bca88240dce6c3e53a3811cce78410a1980364c3c76cd7ad58f3fb7d7baf904b007387e51e0cf8589a9d427516b91495527f067046b581fea4cfc8b9a3425254241900311c43b5bd4b0ce1404aafb38a5dd13f7837a51754b7b3bd6b234af95a43bbd8b451b9107b56e2cf4c9d971f201d25cb94c95332233e17af58db48f1b625a874510aec5cf3019cab52f09623a31aed4017c0184630741e0ab4013d6073930b8334e816e11ce10f99d050808b360d49be2ebc67c1868fe1952cbaefb795381d68c484fe1ccbd96cf961de9314605802213e07e27801519573a622b53c79b76505c7774fe6c411baa63be864261bf6728d4b22391f9a9cb390629bdab014d3eb9c19296413b97e0e1c2ac8b8739ee414ccd14c801d1084be769ac1d5b3d5bd7b79858e4f9a348d065a2a3125a8a2f920d37573abe4c6e0824bc166e8fce77251d9f5f284a9dd6db81b8af54d9d04d1a4cfa3f944a29342af1f1abb1cc54dde537d61711d494c55b061e811aeaf9c26008451054466e4d1f6f31755db4286bc658858adb9931558170d6d6f255a04c11a569d7569b9fa5ee444f4d18f7d040cd96b0dbf380871242166c783da51f045408e4410efc3d4220bff04ec6a0794bb23b783e14c4793ec16ede3f3890213e1142e3c83094193dfc14648a48bb295ec242324aa49d040359f6bbb052b2be42fb4d98b2b94366e5ea0c3eb7e6f677653b614c420ec9c5c8567eef9a709ba4b328b366e08a2bc3ce66a922f8290ec31aeb8084f9ac545ede96a701043b1998acf7d0ebb2cc1c0d33013e9dd172daaf43c9e1554ec5074eb6c6840edc4b06a34d0ffea23c25f9aa6e4e8818441574749ad53f5ac9acd29ecdb546bf69edbce6d41332744de58ca9230512ddd97b1e9b00fadf5925e0d9d0182146c09d06a70a505c2e5df0e3fb847e520c0b0afb1898e2dd15b62e12b1704f740348fa48519dae53c51a2a2d69cc034d18c8a028d34a5bc2df4e00d215b2ab6f1488cac0b8a14ca86c870d7136f75ab9b7fb93cf54f37cc65753928d00c43308b1436eec83ecd733c4be34ce07a445e40537cf8659ebeefb2e9c1a21ca1176df881147bf99564b001d4d13bf2631c4e2a94a9d95e9ee268ab5fbb5c256e85a9dfcc70b296f13433cfe6003202d6a7735d1092d5803b40ffc534860b1395d28de65fc2314d399166c9d9378e0bfb019f0ccadcc874c53e207d091387e61918a501035a4cc4f63b5e7a35322ca7edbeab51ff3dcc52a17bd8cac8a584688d47988a7b5ef33064e2d0e313694e42c48d93dde5d2f2cd41e306efc8d863b80d15fff0bbb5fe4cb65b22ed8544b793ce59b4165aefac79c2e83e52add2bfec12e27096c9ae38b2195aa6307f0a2474162d11ba089e57ee82368a52df662a7a38c79cb8f8deee86fa105212f2ea92e2ca6b37758fe5c65bcc3ba6de3a0b2b55619e75b507d7574a65e40f6e06fab175f0d3136cfd6d8e839e50987785c61d83865f332c0e9832eb727ff686e7d2c4adb94e56f028610c753ced6856f4904a02531c36ef0825bdf1645b05c950602a3171e47351d1ce2198c39d578b8e0a241a6880798e0671d672c007c956db11b63422ff73472085eb38f694e366b9cff77285c7191b6242ff65ed60f8d785e577454bcd6b8257928cae34a170f6380fc9b32e30f5d4bbaa835d0222d2e1038b37fe5ee20e81850d1d458663af188a1011e18099be101cf9cb6ad7142b55977c2b8a7e4343ae745150127229089bd2dd07c175a8418db3e908d89398097031eda5d2b21df86d69a880681527e1ad85d405b9e7c1ab7c05246ae026a1680880dcd1b815966ff23f1a549bf02202045e042c0c90a7c46be9996908a868e750e86cd98cf931eaa2d54b9d72133ee56bb010a2c0e0e9d96b2707293b42a019a44a4180c456a15c8a6bf08b4cb0440dff9af28cdb58efdcf4764dc7c70d839f2c5cca0c8736a6ab0e27dfc0655538b31912373724c9ccdf3fb7e32cec7d3a64d966ebd2de1a092439ae47c32ab6dd363d6d90f90d27d9a3cb4498dfc63fab6b5a2dc60bb4b4bd3dc0a1842f588b229fec049b715106f3f301dbd1c21370e4dde44ab6b7ff902bebbd5dd95c6ce6afdee40b2be4b8d216cdcf0d6791c4f5531c2c05212fcc5f09762750a6b65abb9a87c2589595a2f8b21eb42357e546c3380576f23d67c4039bd8065ba19e3dc8550415db40b8e4aa963d39a077dc7df69662810e82784239b261dd0a4187fb4f32bbb6c702d7125495eae371c3d297926541d84652f36d2c286f5950fd52f566f98e43bf6596e262cc565461c34ae120bfb214ea4c787dae7c4cda61f4d1662795fb24e27a4d82e679c2b9a65abb42e55bbf9aebd6d4f06310bcf7a0b46869c9d5916969b0fe25ea50f83c5f6c492775bca686ad87d27af19b3b7599763193539736f96441e064453e3b343277f6ff6054797b0dbacf94408a4b1397c70ac8a8645b97a442294dc6a9375df04d4f49ddef8764d9826120863d9925518a05d6667649442bced44dfd44ee31c1e3f3b87d9e7b9b5d9093e494f733a3b140ad7baa72508f87041ee86dc1bbe500271c7551f3baab8206cb3727ee34a18b008a4ea6ff32355e1653edea7b3015c6131a1b9348b2eda46ce599305d03548c022be7bf7412d7bc5c1ceb3ed794647dcbdd89a6df021f20811dac88d2ce957ec65f3b0332c410191659092572d83673cb0d89cf0ee6d381cc0746c4d11ca7f533dcde81cab77fbb8ea7c5ea3c8be40ed9efbb09e389dbaaea7554c746eb543cdab8f97b83ac41892a532b5ade9fa1c3614d3f16e2b383b360d9171ae04c631402ed5c28136d9bb244df99612fb9f306c4a378031d4db28387204356eae2e595b367f627041ce4f5d28f88fa2a08edce31404571c1d0671a3783990b3b058fb5f13c8eeb1d7a7026cee19ae888091f7583542e608856ab364ef3af14597f19ce5c83f31530d7b5c776bf9d5df5ad42192cc58f91b31b37567de2a2f750a290cc7c6dd5a61b0b0b833a0fee4b4f0126bc7158ef2fb4eb05052420108716ddf0161c09a5eeaae4dd5fd965b832b60c6f0d4b4455d165b3d292815882cb875fe2880bb64cbc7ac5ade668de6bdcbfb49e6bc7cb6f43d3a30dd2befbd3fe4995dce161cf46a49837394131dce8211d9b5d2777cbd9b93d98968df1a8019797a8f1a6a4c764d51207a60df0f3cf90dd99e2bddf45c2b7d7be4962973542aa2e276aa76f2e6d5d9476b77371ad0aa44f173241deeaedb2cd9aca7cc84d812425afa263ffc493dca8bb44b8faabd8c7467f4807bce09cd36498883af663222523aba0d6805c0c92bc1ffaed6f9cca585ba76f670d9651d29c95b138389735dae72b0ecc1f032c05db0747063acbdff7e5827484c024eb6421a6589c172e94d57ef2c26759ed035170447209241c9de2330bde1722815b99995676e41b109da67757977f9789eb4503ab11e8e67f430e0bad15f5a21749856f686a1adbf20eb8d00440a097af7ae356ab5f69ef9a3aab82be03a8ceeb6615a6a757ba5eee55baefb31a1386b2df1c7d4da1bcd70acd847fde2cbca42e8663cbf589620537b890ad859f169aadd78d6f5769d81a5d2f7f26022634971a3840d76021a1f8c674419fa3441cfad856716f0f13f4dff3985fb3d77303a13eeb86903c6ea59211b6b903a9834ae50908b040f04acd0a8fd451ef26a2657a085f19d07e93821db2e3a54b314d22df03cd65ff819b83c7c1916fd3d4e9301c6484ede642118e99c3c71b0d654865b15f0008eea1cd277db2172cee9e7845cb784d9bb82b7ab10cc320e7515cca2aab25a68c715f1deda3a86e9353b970c435172bae604b018fcb8976a3a0ac69826377cd64807afb941aba3d5dba06c0b1f986df2fde6ba0839a0011417982c42fa264da110a8407312017210bb75eb05567dc9444c04fd0331569d654d4525")
clock_gettime(0x0, &(0x7f0000000240)={<r4=>0x0, <r5=>0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f0000001380)={{0x4, 0x7, 0x8, 0xce7d, 'syz0\x00', 0x800}, 0x0, [0x2, 0x100, 0x92, 0x2, 0xf99, 0x0, 0x7, 0x534, 0x8000, 0x80, 0xfff, 0x8, 0xfffffffffffff800, 0x401, 0x8, 0x6, 0x5, 0xbc69, 0x20, 0xffffffff, 0xa6, 0xfffffffffffffffc, 0x5, 0x8, 0x1, 0x3, 0x5, 0x1, 0x5, 0x0, 0x7, 0xffffffff00000000, 0x7, 0x6, 0x9, 0x9, 0xfffffffffffff000, 0x5, 0x2, 0xffffffff, 0xef9, 0x4, 0x4, 0x40, 0x3ff, 0x8001, 0x468f, 0x9, 0x10000, 0x5, 0x0, 0x2, 0x1, 0x7f, 0x80000001, 0x4, 0xffff, 0x100000001, 0x0, 0x6, 0x3, 0xfffffffffffffff7, 0x13, 0x2, 0x1, 0x8, 0x1, 0xffff, 0x3, 0x3, 0x80, 0xfffffffffffffdb1, 0x3d, 0x7, 0xfffffffffffffffd, 0x200, 0xfffffffffffffffb, 0x5, 0x7, 0x7f, 0x9, 0x3f, 0x9, 0x3, 0x7, 0x100000001, 0x1f, 0x1, 0x8001, 0x1ff, 0x4, 0x1c, 0x800, 0x6, 0x8000, 0x1d37000000, 0x101, 0x7, 0x1ff, 0x400, 0xaf, 0x4, 0x768d, 0x465, 0xffffffffffffff81, 0x2, 0x4, 0x3, 0x7, 0x10001, 0x1ff, 0x1f, 0x101, 0x80000001, 0x3ff, 0x0, 0x16aa, 0x7, 0xf5c, 0xfe10, 0x4, 0x40, 0x2, 0x8000, 0x3ff, 0x2, 0x6, 0x5], {r4, r5+30000000}})

[  325.952812] team0 (unregistering): Port device team_slave_1 removed
[  325.961738] team0 (unregistering): Port device team_slave_0 removed
[  325.970277] bond0 (unregistering): Releasing backup interface bond_slave_1
[  325.986144] bond0 (unregistering): Releasing backup interface bond_slave_0
[  326.009901] bond0 (unregistering): Released all slaves
10:16:25 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:25 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="020a5d7600000000000036")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000100)=ANY=[@ANYBLOB="010000800000000002004e20ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000334800000000000000000000000000000000000000000000000000000000000000000000000000010000000500000002004e21ac14140a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21ac14141b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e24e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e23ac1414aa00000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e247f000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x310)
ptrace$setopts(0x4200, r3, 0x18000000000, 0x4)
close(r1)

10:16:25 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:25 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:25 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:25 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:25 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = dup(r0)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000180)='team\x00')
getsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000280)={@empty, @rand_addr, <r3=>0x0}, &(0x7f00000002c0)=0xc)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000300)={<r4=>0x0, @loopback, @loopback}, &(0x7f0000000340)=0xc)
recvmsg(r0, &(0x7f0000000600)={&(0x7f00000003c0)=@can={0x0, <r5=>0x0}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000440)=""/215, 0xd7}, {&(0x7f0000000540)=""/68, 0x44}], 0x2, 0x0, 0x0, 0x59}, 0x40000000)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000700)={{{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@local}, 0x0, @in6=@loopback}}, &(0x7f0000000800)=0xe8)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000004880)={@local, <r7=>0x0}, &(0x7f00000048c0)=0x14)
getsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000004900)={@multicast2, @remote, <r8=>0x0}, &(0x7f0000004940)=0xc)
recvmmsg(r0, &(0x7f0000009000)=[{{&(0x7f0000004980)=@alg, 0x80, &(0x7f0000006e00)=[{&(0x7f0000004a00)=""/121, 0x79}, {&(0x7f0000004a80)=""/122, 0x7a}, {&(0x7f0000004b00)=""/108, 0x6c}, {&(0x7f0000004b80)=""/4096, 0x1000}, {&(0x7f0000005b80)=""/4096, 0x1000}, {&(0x7f0000006b80)=""/185, 0xb9}, {&(0x7f0000006c40)=""/161, 0xa1}, {&(0x7f0000006d00)=""/228, 0xe4}], 0x8, 0x0, 0x0, 0x7}, 0x6cee4ac2}, {{&(0x7f0000006e80)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000007100)=[{&(0x7f0000006f00)=""/234, 0xea}, {&(0x7f0000007000)=""/76, 0x4c}, {&(0x7f0000007080)=""/81, 0x51}], 0x3, 0x0, 0x0, 0x8}, 0x3}, {{&(0x7f0000007140)=@un=@abs, 0x80, &(0x7f0000007240)=[{&(0x7f00000071c0)=""/114, 0x72}], 0x1, 0x0, 0x0, 0x7}, 0x2}, {{&(0x7f0000007280)=@hci={0x0, <r9=>0x0}, 0x80, &(0x7f0000007500)=[{&(0x7f0000007300)=""/7, 0x7}, {&(0x7f0000007340)=""/128, 0x80}, {&(0x7f00000073c0)}, {&(0x7f0000007400)}, {&(0x7f0000007440)=""/147, 0x93}], 0x5, &(0x7f0000007580)=""/2, 0x2, 0x10000}, 0x8000}, {{&(0x7f00000075c0)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000007800)=[{&(0x7f0000007640)=""/152, 0x98}, {&(0x7f0000007700)=""/200, 0xc8}], 0x2, 0x0, 0x0, 0x7fff}, 0x7}, {{&(0x7f0000007840)=@pppoe={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000007ac0)=[{&(0x7f00000078c0)=""/240, 0xf0}, {&(0x7f00000079c0)=""/210, 0xd2}], 0x2, &(0x7f0000007b00)=""/17, 0x11, 0x6}, 0x4}, {{&(0x7f0000007b40)=@generic, 0x80, &(0x7f0000008d00)=[{&(0x7f0000007bc0)=""/21, 0x15}, {&(0x7f0000007c00)=""/4096, 0x1000}, {&(0x7f0000008c00)=""/106, 0x6a}, {&(0x7f0000008c80)=""/92, 0x5c}], 0x4, &(0x7f0000008d40)=""/70, 0x46, 0x3f}, 0x401}, {{0x0, 0x0, &(0x7f0000008fc0)=[{&(0x7f0000008dc0)=""/20, 0x14}, {&(0x7f0000008e00)=""/193, 0xc1}, {&(0x7f0000008f00)=""/136, 0x88}], 0x3, 0x0, 0x0, 0x7f0}, 0x1}], 0x8, 0x0, &(0x7f0000009200)={0x77359400})
recvmmsg(r0, &(0x7f000000e2c0)=[{{&(0x7f0000009240)=@in6={0x0, 0x0, 0x0, @local}, 0x80, &(0x7f00000094c0)=[{&(0x7f00000092c0)=""/222, 0xde}, {&(0x7f00000093c0)=""/218, 0xda}], 0x2, &(0x7f0000009500)=""/216, 0xd8, 0x20}, 0xfffffffffffffffc}, {{&(0x7f0000009600)=@l2, 0x80, &(0x7f000000a800)=[{&(0x7f0000009680)=""/4096, 0x1000}, {&(0x7f000000a680)=""/252, 0xfc}, {&(0x7f000000a780)=""/95, 0x5f}], 0x3, 0x0, 0x0, 0x3}, 0x1}, {{&(0x7f000000a840)=@xdp={0x0, 0x0, <r10=>0x0}, 0x80, &(0x7f000000abc0)=[{&(0x7f000000a8c0)=""/51, 0x33}, {&(0x7f000000a900)=""/34, 0x22}, {&(0x7f000000a940)=""/69, 0x45}, {&(0x7f000000a9c0)=""/67, 0x43}, {&(0x7f000000aa40)=""/33, 0x21}, {&(0x7f000000aa80)=""/186, 0xba}, {&(0x7f000000ab40)=""/124, 0x7c}], 0x7, &(0x7f000000ac40)=""/39, 0x27, 0x2}, 0x5}, {{&(0x7f000000ac80)=@in6={0x0, 0x0, 0x0, @mcast2}, 0x80, &(0x7f000000bf80)=[{&(0x7f000000ad00)=""/4096, 0x1000}, {&(0x7f000000bd00)=""/182, 0xb6}, {&(0x7f000000bdc0)=""/243, 0xf3}, {&(0x7f000000bec0)=""/190, 0xbe}], 0x4, &(0x7f000000bfc0)=""/88, 0x58, 0x4}, 0x5fa5}, {{0x0, 0x0, &(0x7f000000d480)=[{&(0x7f000000c040)=""/194, 0xc2}, {&(0x7f000000c140)=""/197, 0xc5}, {&(0x7f000000c240)}, {&(0x7f000000c280)=""/112, 0x70}, {&(0x7f000000c300)=""/200, 0xc8}, {&(0x7f000000c400)=""/25, 0x19}, {&(0x7f000000c440)=""/40, 0x28}, {&(0x7f000000c480)=""/4096, 0x1000}], 0x8, &(0x7f000000d500)=""/144, 0x90, 0x2}, 0x50c}, {{&(0x7f000000d5c0)=@llc, 0x80, &(0x7f000000d700)=[{&(0x7f000000d640)=""/149, 0x95}], 0x1, &(0x7f000000d740)=""/171, 0xab, 0x5}, 0x100000001}, {{&(0x7f000000d800)=@llc, 0x80, &(0x7f000000d900)=[{&(0x7f000000d880)=""/110, 0x6e}], 0x1, &(0x7f000000d940)=""/246, 0xf6, 0x2}, 0x8001}, {{0x0, 0x0, &(0x7f000000db00)=[{&(0x7f000000da40)=""/174, 0xae}], 0x1, &(0x7f000000db40)=""/12, 0xc, 0x101}, 0xd666000000000000}, {{&(0x7f000000db80)=@pppoe={0x0, 0x0, {0x0, @random}}, 0x80, &(0x7f000000df80)=[{&(0x7f000000dc00)=""/154, 0x9a}, {&(0x7f000000dcc0)=""/92, 0x5c}, {&(0x7f000000dd40)=""/39, 0x27}, {&(0x7f000000dd80)=""/144, 0x90}, {&(0x7f000000de40)=""/140, 0x8c}, {&(0x7f000000df00)=""/120, 0x78}], 0x6, &(0x7f000000e000)=""/122, 0x7a, 0x9}, 0x99}, {{0x0, 0x0, &(0x7f000000e240)=[{&(0x7f000000e080)=""/237, 0xed}, {&(0x7f000000e180)=""/147, 0x93}], 0x2, &(0x7f000000e280)=""/23, 0x17}, 0x1}], 0xa, 0x2000, &(0x7f000000e540)={0x0, 0x1c9c380})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f000000e580)={'bond_slave_0\x00', <r11=>0x0})
accept$packet(0xffffffffffffffff, &(0x7f000000e680)={0x0, 0x0, <r12=>0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f000000e6c0)=0x14)
accept4$packet(0xffffffffffffff9c, &(0x7f000000e700)={0x0, 0x0, <r13=>0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f000000e740)=0x14, 0x80000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f000000e780)={'team_slave_1\x00', <r14=>0x0})
getsockname$packet(0xffffffffffffffff, &(0x7f000000e7c0)={0x0, 0x0, <r15=>0x0, 0x0, 0x0, 0x0, @local}, &(0x7f000000e800)=0x14)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f000000e840)={@mcast1, <r16=>0x0}, &(0x7f000000e880)=0x14)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f000000e8c0)={<r17=>0x0, @loopback, @loopback}, &(0x7f000000e900)=0xc)
getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f000000e940)={@dev, <r18=>0x0}, &(0x7f000000e980)=0x14)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f000000ea80)={{{@in6, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r19=>0x0}}, {{@in=@multicast2}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f000000eb80)=0xe8)
getpeername(r0, &(0x7f000000ec80)=@can={0x0, <r20=>0x0}, &(0x7f000000ed00)=0x80)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f000000ed40)={'team0\x00', <r21=>0x0})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f000000ee40)={@mcast1, <r22=>0x0}, &(0x7f000000ee80)=0x14)
getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x1c, &(0x7f000000eec0)={@empty, <r23=>0x0}, &(0x7f000000ef00)=0x14)
getpeername$packet(0xffffffffffffffff, &(0x7f000000ef40)={0x0, 0x0, <r24=>0x0, 0x0, 0x0, 0x0, @random}, &(0x7f000000ef80)=0x14)
getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f000000f100)={@rand_addr, @remote, <r25=>0x0}, &(0x7f000000f140)=0xc)
accept$packet(0xffffffffffffffff, &(0x7f0000012440)={0x0, 0x0, <r26=>0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000012480)=0x14)
getpeername$packet(r0, &(0x7f00000124c0)={0x0, 0x0, <r27=>0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000012500)=0x14)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000012540)={{{@in6=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r28=>0x0}}, {{@in6=@mcast1}, 0x0, @in=@multicast2}}, &(0x7f0000012640)=0xe8)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000012680)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r29=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@dev}}, &(0x7f0000012780)=0xe8)
accept4$packet(r0, &(0x7f00000127c0)={0x0, 0x0, <r30=>0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000012800)=0x14, 0x800)
accept$packet(r0, &(0x7f0000012900)={0x0, 0x0, <r31=>0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000012940)=0x14)
getsockname$packet(0xffffffffffffff9c, &(0x7f0000012a40)={0x0, 0x0, <r32=>0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000012a80)=0x14)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000012ac0)={{{@in=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r33=>0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000012bc0)=0xe8)
getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x1c, &(0x7f0000012c00)={@empty, <r34=>0x0}, &(0x7f0000012c40)=0x14)
getpeername$packet(0xffffffffffffffff, &(0x7f0000012d40)={0x0, 0x0, <r35=>0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000012d80)=0x14)
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000013ac0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x50000000}, 0xc, &(0x7f0000013a80)={&(0x7f0000012dc0)={0xca4, r2, 0x6, 0x70bd2c, 0x25dfdbfc, {0x1}, [{{0x8, 0x1, r3}, {0x134, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1f}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x8000}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x4e}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x8}}}]}}, {{0x8, 0x1, r7}, {0xbc, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1980000000000}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r9}}, {0x8, 0x7}}}]}}, {{0x8, 0x1, r10}, {0x80, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r12}}, {0x8, 0x7}}}]}}, {{0x8, 0x1, r13}, {0x16c, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x20}}, {0x8, 0x6, r14}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x80000000}}, {0x8, 0x6, r15}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r16}}, {0x8, 0x7}}}]}}, {{0x8, 0x1, r17}, {0xf8, 0x2, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xe5ec}}, {0x8, 0x6, r18}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r19}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r20}}}]}}, {{0x8, 0x1, r21}, {0x190, 0x2, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0xc, 0x4, 'hash\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0xffffffffffffffff}}, {0x8, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r22}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r23}, {0x108, 0x2, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r24}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xffffffff}}}, {0x54, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x24, 0x4, [{0x525, 0x0, 0x7, 0x6}, {0x8, 0x2, 0x1, 0x7}, {0x8, 0x0, 0x81, 0x1}, {0x8001, 0xa18, 0x7f, 0x3}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x8}}}]}}, {{0x8, 0x1, r25}, {0x268, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r26}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xfffffffffffffc00}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r27}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r28}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xffffffffffffffff}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r29}}}, {0x4c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x1c, 0x4, [{0x80000001, 0x9ea, 0x81, 0x9}, {0x1, 0x0, 0x9bb, 0x6}, {0xfffffffffffffff7, 0xfffffffffffffff8, 0x6, 0x101}]}}}]}}, {{0x8, 0x1, r30}, {0xf8, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r31}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r32}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0xc, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r33}, {0x174, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0xe4}}, {0x8, 0x7}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r34}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x40}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x18000000000}}, {0x8, 0x6, r35}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0xca4}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:25 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:25 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:27 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:27 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:27 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:27 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:27 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:27 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:27 executing program 5:
r0 = accept4$vsock_stream(0xffffffffffffff9c, &(0x7f0000000040)={0x28, 0x0, 0x5a7e08c4b434b9f1, @hyper}, 0x10, 0x800)
ioctl$sock_proto_private(r0, 0x89ea, &(0x7f0000000180)="1b4d9bd02ee36b4e4d43610dad5cb397abfd2939f920a4ed4969a42c0383ea7391c43003fc605251a25250b86c6d07d2e64cbc7c3a8c6020072d6f633a83d586aa8143ab701403f8ad143803fe46157b92de462790ae2fa656fe30bba420749184809c1736c4debd981cddd6dceeeb2324ff09ca007bbaf4ab2c99810088e11e6f890c66ddea92b208a480aecdf043a278e3e63f98e761b8a75ff5bd260f279f91fe80aa434c1bf5b49bf50d56304f68578c138384f5208fa06d07e890316251e8185aae0c8f8aec37472b5206e6dae4233bb3adb780a162b1e603df25e58836aa0a82a1047403d5aeec2cbb678fabdb876fd072ed63c1fbfb0ed925a4")
r1 = socket$inet(0x2, 0x0, 0x2)
getsockopt(r1, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vsock\x00', 0x4000, 0x0)
getsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f00000002c0), &(0x7f0000000300)=0x4)

10:16:27 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:28 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000040)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:28 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:28 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:28 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:28 executing program 5:
r0 = syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0x8, 0x220000)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000300)={{{@in6, @in6=@mcast2}}, {{@in=@dev}}}, &(0x7f0000000400)=0xe8)
r1 = socket$inet(0x2, 0x6, 0xffffffffffffffff)
getsockopt(r1, 0x8000000000, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r2 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, @mcast2}, &(0x7f0000000180)=0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f00000001c0)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x13}}, @in6={0xa, 0x4e20, 0x2, @mcast2={0xff, 0x2, [], 0x1}, 0x1}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, @in6={0xa, 0x4e22, 0x4361, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x20}, @in6={0xa, 0x4e20, 0x80000000, @mcast1={0xff, 0x1, [], 0x1}}, @in6={0xa, 0x4e23, 0x5, @local={0xfe, 0x80, [], 0xaa}, 0x100}, @in={0x2, 0x4e22, @multicast1=0xe0000001}, @in6={0xa, 0x4e23, 0x8, @empty, 0x5}, @in6={0xa, 0x4e23, 0x9, @mcast1={0xff, 0x1, [], 0x1}, 0x9}], 0xd8)

10:16:28 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:28 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:28 executing program 5:
r0 = socket$inet(0x2, 0x7, 0x80)
r1 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x89bd, 0x200000)
ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000180)={0xfffffffffffffe01, 0x1, 0x4, 0x7, 0x8000, 0x2})
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
getitimer(0x2, &(0x7f0000000040))

10:16:30 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:30 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:30 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:30 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:30 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0xfffffffffffffffd, 0x0, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xfffffffffffffdf4)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x4001, 0x0)
ioctl$VT_WAITACTIVE(r1, 0x5607)

10:16:30 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:30 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:30 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
clock_gettime(0x0, &(0x7f0000000040)={<r4=>0x0, <r5=>0x0})
timerfd_settime(r2, 0x1, &(0x7f0000000100)={{r4, r5+10000000}, {0x77359400}}, &(0x7f0000000140))
tkill(r3, 0x1004000000016)
close(r1)

10:16:30 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:30 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:30 executing program 5:
r0 = socket$inet(0x2, 0x1003, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000180)={<r1=>0x0, 0x3}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000200)=ANY=[@ANYRES32=r1, @ANYBLOB="af0000004a4026ecd8498e3fe67a8d55fd62011b0dd4a79ddd524e09aeac6932046b735677cafd3989f2280b51f86f27d82461e0c541c0fcad385020f233615696e9122bc6cfe05e7f1dcd6c29feb5297b863fcf9a79588f8af710cde9f2619ae4936f7cd09989a432a3c773c99c0b5fd594b254f34d542826f03134525065ec6b7000713327a8d2de65e167ba3943005cc70b8ca573c9d30d1f3cdb400ffb1ba7bbc4f6f1cec32ecd126540515714779f9119"], &(0x7f00000002c0)=0xb7)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x10000, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0xffffffffffffff09, 0xfa00, {0x3, &(0x7f0000000380)={<r3=>0xffffffff}, 0x117, 0x100b}}, 0xfffffffffffffdf0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f0000000400)={0x10, 0x30, 0xfa00, {&(0x7f0000000340), 0x3, {0xa, 0x4e24, 0xffffffffffffff0d, @ipv4={[], [0xff, 0xff], @rand_addr=0x81}, 0x6}, r3}}, 0x38)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x2, 0x6, 0x40})

10:16:30 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:30 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:30 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:30 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:30 executing program 5:
r0 = socket$inet(0x2, 0x200000000000, 0x2)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8000, 0x0)
ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000200))
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000180)={{0x6d, @local={0xac, 0x14, 0x14, 0xaa}, 0x4e22, 0x3, 'lblcr\x00', 0x22, 0x1}, {@rand_addr=0x2c2, 0x4e23, 0x10007, 0xd16b, 0xd43, 0x2}}, 0x44)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:33 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:33 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:33 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:33 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:33 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:33 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:33 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x0, &(0x7f0000000040)={@dev, <r1=>0x0}, &(0x7f0000000180)=0x14)
fstat(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xb}}, @in6=@dev={0xfe, 0x80, [], 0x19}, 0x4e20, 0x3, 0x4e21, 0x0, 0x73187356fc2245c2, 0x20, 0x20, 0x3a, r1, r2}, {0x5, 0x8, 0x2, 0x1, 0x1, 0x7, 0x3}, {0x6, 0x6, 0x1400000, 0xf9b}, 0x1ff, 0x6e6bb8, 0x0, 0x0, 0x1, 0x2}, {{@in6=@ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0x791f, 0x7f}, 0xa, @in6=@loopback={0x0, 0x1}, 0x3507, 0x1, 0x0, 0x8, 0x5, 0x8, 0x8}}, 0xe8)
getsockopt(r0, 0x200, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000340)=0xcb)

10:16:33 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
r3 = gettid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000100)={{0x3, 0x5, 0x5, 0x380, 'syz1\x00', 0xcb}, 0x2, 0x14, 0xe, r3, 0x6, 0x0, 'syz1\x00', &(0x7f0000000040)=['\x00', '#\x00', '-\x00', '@/\x00', 'vmnet1,\x00', '\x00'], 0x11, [], [0x5, 0xfffffffffffffffb, 0x3, 0x7]})
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r1)

10:16:33 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:33 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000180)={<r1=>0x0, @in6={{0xa, 0x4e23, 0xffffffffffff8000, @mcast1={0xff, 0x1, [], 0x1}, 0x8}}, [0x1ff, 0x1, 0x6f9, 0x401, 0x1000, 0x1, 0x101, 0x7fff, 0x8, 0x1, 0x7f, 0x8, 0x1f, 0x6, 0x7]}, &(0x7f0000000040)=0x100)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000280)={<r2=>0x0, 0xfffffffffffffffe, 0x30}, &(0x7f00000002c0)=0xc)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000300)={r1, 0x498, 0x10000, 0x3, 0x80, 0x2, 0x0, 0x7, {r2, @in6={{0xa, 0x4e23, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x3}}, 0x4, 0x4, 0x3, 0x100000001, 0x8}}, &(0x7f00000003c0)=0xb0)

10:16:33 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:33 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:33 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:33 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e21}, 0x10)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:33 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:33 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:16:34 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 5:
r0 = socket$inet(0x2, 0x4, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040), &(0x7f0000000180)=0x4)

10:16:34 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:34 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:34 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, &(0x7f0000000040)=0xffff, 0x4)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r0, &(0x7f0000000100)={0xc0000011})
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x2)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:34 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 3:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:34 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000240)={0x4, &(0x7f0000000200)=[{0x2, 0x9}, {0x1}, {0x401, 0x8}, {0xfff, 0x7}]})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0x1, 0x28, &(0x7f0000000040)={0x0, <r1=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={r1, 0x8, 0x10}, 0xc)
r2 = socket$inet(0x2, 0x3, 0x2)
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x1b, 0x2}, 0x7)
getsockopt(r2, 0x0, 0xcf, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:34 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x4000, 0x0)
ioctl$KVM_SET_XSAVE(r2, 0x5000aea5, &(0x7f0000000180)={"c21a20daecdd7db7f72ecc2aa6a1eb6dfbfba21312d5b71ce2d211ee9864b385ad9af8311f69eed65a2799c36b1f0ab98fb5bc862fa84c520c84d5d5811985fee6731dbd5e3d7e248aa56dabf3828faaf476d8d2fb41c3d02aeffc2c4c9c80f07cf78aefd7b6c228fa85f5bb5c3634b646a2be6216bac402fc0495d1ec3d8986a80bdf36204c6d2243c92d491bfcf8a3b044ddfed790165850702d7e58cbfac1199b74d7e150327aeba9d5bdd9f3c0009f92d29d98e1938ad2d7518c268df406b1433514f99be528ce9e2b315a57a79cefe3bbad015f23561f29e49d47222e9d2ab9f44d6ac84bb21b63bc8b56ee47d9dc930e0aafc096233d7b503de4368c5f09fe26d42d315215becf8016f4f734fbc831bc3527c57500e99d22e53ec54c331afc20d612a8210274bbf120f252ab53086846b65b5b0cf983b71a6e650c4370cfeec192493c3d45dcda5335b7c098accdc1f169c2a7e077127d00773f21c1306797010ff74f47415940fdcd7b9ecd720b28c08575180946c90f6791b5c357ac1f6e42cefa0e7c44113ed9f51410c992d4d9f1d5a785548b9ab23bef194f54e2e4b759bd52063533b3f6ad54a7509abf20c186a20be1ca462732f55702c45e7e4d3744f10f8f8120664600fcf887c214a557cec46a0127838cb843960e6bdf470e5c328de9d1b64cc96abf910ddf24260fc794b0b879dbf43b810d4bba4e3de682c3f7a87fc1a131cc41b949f7096c2da215b88a9c7e63f33b1809340777735d7f927dac6b7c466ad5fdcc66b0e0ed93d13184fd003be026da8c566a3d24bb9b9cee8ad5b852231654bd34beea18165e82be3ec55c67a7be9bfc6e612325e55bc7ed9cde473f5ed7a5dfa8a7182b8ebd2c09ab13e5af6b29146a2e96322f247a0c0459e0ef64ef636d62d2d2b1c07ce761dcf57176466188c9e7135b0e9a0fb005f296501326aade30075e2f71a9fa4959bc8955fe15d65f22af22faf0274117b6abb05e59ce09c5cb1cee518e377aa5210c9a5babd4927d24fb18ec39820d6b1f858eee11d8236a4db9025e92070e908beb5b091eff2a06bdf6e8185c07a03ec1849e7601eaf3c69d103fe63e7a4edd7855618f8a124c73081ecedfd7eb0f1e70d829b12581a732926749638cae1463403a407f0b8fd26593ba9b1388de7d174dc57eefc64beefb899718ad5884fe972eabf83a954e766191a4fa19f476781f5da8926bf6ae7c658e1c1263585821ad8c8323c4a3bc3f4775c8c5e66c655ea9b94cdfbdbb07b1e0e5068b20e9de822ce352bab43cfb5d731b88d038dff4304bd5226e3eaeb48c3e631d1cca1ca746dc72f75b59f8f39dbd5c307e9d5033da61e05acc80a44556309f207d9e99bd994c3f773126776215d3d432aea314e6e39a1463da94692719a4bbfef12dfd0315e244115b35746663bd1d88a81baee6eaf3"})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000140)='./control\x00', 0x82)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r1)

10:16:34 executing program 3:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:34 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0xc0b00, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000180)={0x3}, 0x4)

10:16:34 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:16:34 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:34 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:34 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
timer_create(0x0, &(0x7f00000001c0)={0x0, 0x23, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000200)=<r1=>0x0)
timer_delete(r1)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
chmod(&(0x7f0000000180)='./control/file0\x00', 0xc)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r3 = dup2(r2, r2)
clock_gettime(0x0, &(0x7f0000000040)={<r4=>0x0, <r5=>0x0})
timerfd_settime(r3, 0x1, &(0x7f0000000100)={{r4, r5+10000000}, {0x77359400}}, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r7 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r6, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r7, 0x1004000000016)
close(r2)

10:16:34 executing program 3:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:34 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000180)={'security\x00'}, &(0x7f0000000200)=0x54)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:34 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:35 executing program 3:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:35 executing program 5:
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ashmem\x00', 0x101000, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x2, 0x2)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x8)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@ipv4={[], [], @multicast2}}, 0x0, @in=@dev}}, &(0x7f00000002c0)=0xe8)
r4 = getegid()
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000300)={{{@in6, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{}, 0x0, @in6=@ipv4={[], [], @dev}}}, &(0x7f0000000400)=0xe8)
write$P9_RSTATu(r2, &(0x7f0000000440)={0x8f, 0x7d, 0x1, {{0x0, 0x59, 0xbd1f, 0xff, {0x2, 0x3, 0x4}, 0x10840000, 0x1000, 0x3, 0x7, 0xe, '/dev/admmidi#\x00', 0xc, '/dev/ashmem\x00', 0x0, "", 0xc, '/dev/ashmem\x00'}, 0x21, 'vmnet0Ftrustedprocwlan1em0userem0', r3, r4, r5}}, 0x8f)

10:16:35 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:35 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:35 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:35 executing program 3:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:35 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:35 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:35 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:16:35 executing program 3:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r1, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:35 executing program 5:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x4, 0x202)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
r1 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r1, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f00000001c0)={0x2, 0x3e, &(0x7f0000000180)="c923f24b9a7246f49fa5a329a9ab66a757e3744464466421b2d9f4f83d6a7b4ec0c2b72004824ad74043bb5872681182351aed1ce72909172edd3c72d868"})

10:16:35 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

10:16:37 executing program 6:
pipe2$9p(&(0x7f0000000480)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4000)
ioctl(r0, 0x9, &(0x7f0000000240)="75041f3a042dae6cd6b752edec359060dcfc800d1b7de6297bc99a93b96ca8af93ebc6117e5778215c68dd3abc7d224d4a73e3d5bdb5de8a48ab8861712bc6dd317f14f35fc758b091")
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000000040)={0x0, 0x12, 0x0, @thr={&(0x7f0000000100)="297d97e3d2fb966b805b265378fc378043a34beef12261a41b3515322ee95aa2b87d97511adbccb5a0400a308f40e9261545412e75c759f930da3e4adff99c", &(0x7f0000000140)="6d3c70c944a4791f1a6d2773075f11b2305046bb50f552b30914e8cba65573283ad27e40f001020dca0fd5a29856cb439d05d897c9dff0066a8b6eb130106f6b9bceb6afcdbd38a6509858208a67c68235a6055f6391cd457609d551dacbb0e28bcf5a00c70cb41bd4db626e5b1e4593c47bb71ac5a82f43afd13aa6c2e6b2558d1f653bb8aa0f7e6cb0a77f"}}, &(0x7f0000044000))
ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r3, 0x40405514, &(0x7f0000000200)={0x3, 0x0, 0x20, 0x9, 'syz1\x00', 0x8})
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r2)

10:16:37 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:37 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:37 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:37 executing program 5:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x400000, 0x0)
ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000180))
r1 = socket$inet(0x2, 0x3, 0x2)
openat$cgroup(r0, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r0, 0x4048ae9b, &(0x7f0000000280)={0x40002, 0x0, [0x1000000000000, 0x9, 0x179a, 0xffff, 0x8, 0x401, 0x7fffffff, 0x6]})
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200), &(0x7f0000000240)=0x4)
getsockopt(r1, 0x0, 0xcb, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:37 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

10:16:37 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:16:37 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:38 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x0)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
semtimedop(0x0, &(0x7f00000001c0)=[{0x3, 0x80, 0x1000}, {0x3, 0x3, 0x1000}, {0x3, 0xfff}, {0x3, 0x8001, 0x1000}, {0x4, 0x6}, {0x2, 0x856, 0x1800}, {0x3, 0x7, 0x800}, {0x0, 0x80000000}, {0x3, 0x52, 0x1800}, {0x1, 0x6, 0x800}], 0xa, &(0x7f0000000200))
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000040), &(0x7f0000000180)=0x30)

10:16:38 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

10:16:38 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r1 = dup(r0)
ioctl$KDSKBMETA(r1, 0x4b63, &(0x7f0000000440)=0x1)
syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000180)='./file0\x00', 0x7ff, 0x2, &(0x7f00000003c0)=[{&(0x7f00000001c0)="0e906e7e4d9c74021ad164801b6f1b2039520fb55e0531d7e7b142c9f9f04ba4ef1b6fa01bc298427886a39eb0992173a6e2e104dcb9844f5bb66cad2d8f16120c15e67300d1b587d31de7a153c64f03d4c3d5ce377fef018b4f68da870e5065c2f59e878c69f7ebc03ac030eb7e9f1f32dacf4e991142bac9723d90c6ea3d1194cd00301106cb28f83683bc10606c2bcc378b0ef3ee3cbc5dc5f123c9712ee3eac991a11979566ef7178c8aeb4a16fda02d697af6a664d5a93fb51cba03bcba503f0ac5599fe00661653639c2ab25", 0xcf, 0x1000}, {&(0x7f00000002c0)="9cffb648ab7312ea0853a86e34d060b8126b5aada9a1b7fe533fe5534dfe4b24a213f01c4ed736dfd54a1f9e522c46f5f395974e60e1e06f46e4ad9a059403a233bf4f0ac688b9932a898bbf87836f516c89a89288f1dbb43a3188a3f908b5fb074a765f9af8731993a15955f0f5251e35613ff21a7d09b4afc5da319d884432caa690cccc12d8936746d0944db89b71c7677ba1763e5021f16d95d7ab8b79d066707b700f9f893035ffaaa419e6305aebb0ae5875e23cb9b1fcf29122132bf45c5b08fe", 0xc4, 0x7fff}], 0x2010820, &(0x7f0000000400)={[{@prjquota='prjquota', 0x2c}, {@gquota='gquota', 0x2c}, {@noattr2='noattr2', 0x2c}, {@wsync='wsync', 0x2c}, {@noquota='noquota', 0x2c}]})
sendto$inet(r0, &(0x7f0000000480)="c1dcf229584d662b2afc33a784bd52965526ab95b332abae3c5593f3db02c100c9a920c30a0fdc3f25f33d5480ea78fe838849c1712e3c428d37e2886ff002d20565c9e1050b994aff0f19523a2513423aeced8f7de820f70e6f8079e40274e555822f3090e0e3424752733785d34f34ba374558206063a2d713694e90cfa717a4e57fc06f28cb5f94124a05d8c33f34587f3afd474d9c0a10e73b2ef8ccb95586f353ea725978a9449b668af5110ddd36f36e23bb48ed141a20a9c0fcd617e0af81d36a7fb6a11c5c", 0xc9, 0x11, &(0x7f0000000580)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10)

10:16:38 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:38 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:38 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:16:38 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0xc0400, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000280)={r1, r0, 0x80000001, 0x0, &(0x7f00000001c0)="3c8496832c8b9537715741fad3e3bd515083e9e83b5ca0d250f4dda54814e75210f89cd206c7c2d6c5cb53a2e3227632012668ca113d54522018e279792fae971b6ef15f483a9e43c02f0c975e04a9e86771d084c1ba3fbe65b0f45c7aeab12b7c9f69a282816a8237aae21a26e3e742fb3a91ebe80a718ac5b9a282b88269fa33517ff1ae494923daef456ad02c75b305c019c075f3ba4bbd70da3aed82dc31069ca7d099a1cf59825779dc0963a456fc020b3136761bc42699b0d73ea8692b", 0x100000000, 0x6, 0x88b, 0x1000, 0xfffffffeffffffff, 0x0, 0x2460000000000, "8a0361ba13dddcab649ef1853ef59b2fa2925182d2f4745196691a8179e2267b78b8d870eadd0c656944463463e9640dfed81aad58826a987526de42ebadf0509a21d350a2850b82b8aeea27e168ab9509b9c0d68346230f73d9b78f67c72e247fa2c0ef0dd392b66e1729848af1e98a885cf64e929cccb8683efc10fc051b080f9de4d62bdbbf36755d6d4438738c3ae9edf71f3b6084283d8b5c03c43c2bcc7af4983776dfb7d337b93925adf5ab33b232804c4fbf28d9c82de05effabc6277c00c551feab16501385d1cd68adfb0c39f3853a3e495da56dfbef135b54e71d97c8ca8ea8965f19602593fbb6d4535064161b6b4089a682df687ee849f978bbeb1d732f62682e4beb23a621d8f589e60cfd5dd964587843355aafff6275e809535eda3e96ec151d12934031612863fae6f86e7a8d4663125eb80a0d18c97a58d6b19f94f002d4b198b3c5df87559c82eaedb90fb60f998981cf58071685926d801a10453a34535cf4f5a7f49dfc0f8c1140de458690ff1d4ca68880c684c4cd47daad7a387ad728583b8ff1eea24e30f062aedc73fee286f94b233997db57afb11bef1d870572c17d8fab74e53db65a7b110f0629d527f1717a7a69324554afdd9a99f21cd481e318869390535c25b1d8a87c64baa12d98bb95bd7bb083d3dff47cefbfcc2a326716f7c1a8b6dd0c6a8692fc1c0e9945a9628400834120a47fc5171bdb8400ff993d2b25efc283e6fa971c2410d63301cf1a44a6fe9ab5ffec8b63f95fe4968fef5efa8149af39b491737e64998a46ffaae16631709e32cc0aec86da630ec520f3cd07ccab0699b7517e690af6daffbfff8cff3634741a7727864ba7ccec92bbfd27735496fcb1b535ffd19ce33aaf85e9c50f7620d6c3788844eab1c92293f6686293daeb692a92c3a5618805fda2134c4f377d7b9edef2e951c3b250617e809a35e47305a14270606872f27264ab15e69a341f133b146236fd3b011ddabc8c95099afe045a1bcfdd0cd4e92b8ee98cea21159790966f64354ebc7ea84079d8a2f628d9f5ef3cbdbccceb9b2a2050536ff273fa85e5e1a9875f1fc972fbc56c7c639ca9ad78ec5457b146646b9baddac7c61d8a249a89aa63fb5c6d23bced841455eb120eab96c238e0109e38a9423bfcea4d0ddc9d97564b5a3e0d0c2fea5f5fcf7461e844f183302107f11aecb547ff5b4bef16a47e55a26ff2996d5e094baa2332200f2afe018424e4250b2565d5f158d772b70ce5ba0893d90f33d04fcd987c0541d8493abe5e81b3653e0f85a555206da1f3b5e482687544f67807d154ab00141605d03b61dcd70ad36860fa0701698deb898a33b0f17a79b72da7b7070adc4228bc104ba07476db8088aedadad83b911bc4891fe816b7b94f22a66511e526b1068532e59f5497fc99f1a62200d1ee196171d046ec6ed8bc09232f9312d0ff9ee7e0c29c3c24986f26f34822b7def6dd06dcf2cc9b31f24b3881401c90f24d5aaedd81bf3a830b78c127c4e98640aa1267c2917e75b6b4cfd06a62dbaa51f4abf6c3b9a901dddd565a1ba57493c2e4cff8a208e97149483de2761aeb4e842a813ab2998b79edbf940370a060d865efca31bac529ea8de71d4309a2b45434ebd92022f1c0762e87f7739a79cffaaefeae75df0b1545aae55b1674032f79735ced18a88d6c3601d27f3ad178c7d1e0aa36488b1f4862e8277fd7bffb1cf82f75be24e83a3f68afc2175cf1dc2da1cd195263ff8088d4e55e27a5a31ba5433c6c167d85ef1be38e783fbe4cc4b9b2601ca32ca56324cff018494dfa7026bc35b5611e03b341a654e1ca2f6dce4579ac041eb223f425d239609a8c00afd4b7c078f5e260f7c1aaa706db76c66acc07b208e5ea454de6f48940892002a19c8c7c69840857ff4f3b42a14ff9f1bab64b9dc5ef31dba5633161fda7c955e012f1f65f8e7d708e5d402390aca97e24f5b315a1b4a6d53b44ee744a2cb7bf5e25742d5101d9dc518762cb9d8655ed4cddb13f81f9b5bdb9480bd16c9404a384d92fc9235f96bad18e4666b2d77503294b2fd4bf4c04bc27e20fa5f36bec99dac371f513cb46738921cc86cc4c8afc25d00e5006e77530cdf548fc89d24a2d41a9c51dd35a2bac393ee75598c466b429c1fa64a90d093269718358d26eb8c61e1964b27533a8fde0c500a6faebb2aef5782826c3a1eba937633221cd98f7d725d64f55ef2ddbc26f94994915e1223bdb8aadf35194ba6b80e0d8616055fe1d2c7cb22d630f6a1c2aec3a8c86d97bc724a16e7b95caf5d99debbe13ffab732984cc864b3caccff377e288cad0239b117797f0e7d4656a6f3d298f326ec82de99bb4e700704f92279475c7f9ec0b547ba8e4651f40b9c36b5ac63d169a6ef0b8c9f62fa6ea78bd6e67bb26e927c6b0a918189c13991b019fa443d88ea4954d90ef78cf5956fafe9d48a0cfce3af6dc8df9b22960bf44860b9d74aeb4a310562db17904f929270a66f14424cff4fc6dc4fc3b57c3cc493a36c27fe8ccb1af386ae4a2345752c2b5969ea07356d70d3f318df0fa0fe9bebec84542ae2725d2abadcbeea89ee4e88a25e9a013f5382a8ad304c7a469a8522d5b4b437af771ba843de01ec71909ce19a986636e51a11fa2c2d7deddcfd190b4ce40fadc53d6d3d4eceee1d724dcb3cea91a44409fde2e18416ffd798b6aeed0c3194a1ce8645d244ae62f5768ddb6c66131e7d1950ee58f98b6a266efe65a95df0d89fe07830d0ef5183560cea44810c3ba9509df66945fab6e1494f4951b5362d2981c2390f11b90bb090ffba1168c90fce566683b4e137285a28e710efccf3ae236151afbf1b63ab26ee07b629821d793ff3f4c3bf9fda20a63b886f2dfe5c3aefc159064f89ff19d2b057b2362040cc508e69ba327b262b51377f3a3567fdc78ae4667c1c3a619f5ffe50eda2f3148e912c87b74b0cfd07ed93faf865a19571b319c9cc88257cb7ccae577c4d3fe6799329913bcd76fadffdb8371261201831b0abb41bf5ae5c0dc3c915202798d959341a0d73f8882c96517079ac5c75c060d4d650e38d5053e18be5268b945b03f57b29432c9869800d59323a9fc982246420a4931eb0d03bc1468cfcafe5077c0cc481684e1ffd4329786b0f5999a21aeaf79a9088ad9bee478f560d0a0640fcb455a63ec472c039328abf1e3610c86c9ba8b18d5316937ae266da3fec1a02363afa93002264f6d5e1e178d203426037b9ed115daba2cb2c6993909a3feb04e4c7ed4e63d5614a1b80a3a3f9e962402a84f9e978a30f1b8a1db846dcdeda2f4c77d487c805e9e50a0cc1e60a552613bcebc97c76c8bcadd804a82d368d690c10a9c3f01919935475407d48db1c0fe0ac0e682ff4ac2f54254503332d533dba89f238f60934eff8b73b0d74b7a10c141d3d84269c6a9ea364db80eb5ec834fed45a620439e39c2a90a06bc28fbbbe6a0fc82d2aa05ed4ec4791e9cad2c781542a9a9b15bea518dcfda9bf138a05ab31eb8baa89bec58b5ecc3146eab8da967433cf2ef198737a31b2de1f280cabe712729156143c7496b77e9c38014ce9a276db8b18b2127bac101ee518d5d8958568031edaeb1b410344585937fe5326844e9be11a8b17c6e1ad720db2d2d9ebf521220e59bf8772e72a55dc11936e1b523b5fe8eb606d3d843633e4469f57bc9bddcd6fe9262787114d9020eac99c33e7438cecdfce30266896de7e40309c648bc537007b1d065893927e4800d50b114c40bcfc9cc1ea3727557f767c727d62bb2b8214e69f62256f519807396e526aa42092be6a0bddd7678bbb427f7bd3b479ca7097743bd0b21908e26d4eb33ecceb94e3a2e1ce566dd5cfcc355a10dd33f79995eb465f21b44364eac162c443b1ae849b2f95b80da75db7e52da1b097155066e518958fe515d3de233ec345b3a106fb07fdbaa930c4ee26b4c7de62a1167bd6db0c2fabd0d34bd7d165721575cd9d0164c79033392b4e566dd0c44757ecc8af29838bab03b552dfe50163cfdce02cf1d587a48883fa33106ce09b2fd97ed3bec6f8aa68b383d10f28aabe767b71ced208c802f9588c8de73f71a9ccdcee942f0d69fe3d69e2e18500621eda607769608d245edee277a2bf1311fbfabe6d5166d5b6d61574e942a16337cd4951579207a3569caea55c1a796e59fd43b3887e510c6c2ae0d48a754f90637fa6094cb08a6434978d4564068e595fb629cf3ebd87a34bd2e67a75b1fb14cf7877740afe719bced15f8411ad0aafe8362a754fc5cbc21f4622129c5ab2937608f088cc1424b1471ccf637130647e8ef142f1621b16b335185af815b135c8ae82a13a227a96617611ee40e9a049719088fc1b210f888d0f515f08c47a0a87a4cb7d11ee610c6e5885142e8df715ae0429706bc3f2af833b9bd10d1ab1a1bca4e1d8197bf5bf39dfaabce46fa3efe43170970c00d9c1e0e3b31e3a5bc0e64077700ce3513d200017e515f45b806392c344e8c665a88b6ee6e3d641d9a1f88b24a55a160098b15fb1174353092f8685a9c72505fd255f678c8cc435c699aaaa492399779acc0b4dec2a6b173d2143cdd0940c0a8501f78aef519dd5e8f674d65a24b13b0b8f7a84401dbd1d91cb31718141f5ea3f368096726e4384f3633511d95688852960687a3c1b13f98a2815f502e1ecb4f29684cc2582fd718c8a12d1bd42301fed06feb9a4f36ec8ddd57d7b12cf5fe521bc0071a7d53392944e8b1ae454ccadc9b59ab812b75f06567c6f282965528262454614f3e86a29f25c2a447149dd1172cefa9d3dd4dca5eb4166699b1782fe8552d0bb698b7b80203785555646e654a9023e898116fc4978a23eb704bec7f9bbf066b39bc2f8cb572b7564f68311d8e3577e03137f67d084fa0ee926547ed8e9cf6fa9fa29cad72418482144204296c4cf3e276a75d550b3adc92c4415f0880bb9c9754c19944e08b221b5dcbb048363e59f1be9be341578980996c254e32e9c7255216a6592a660333e693edaa34d7c36d9d73321139f9f6cc19f1f2d0a11037a7cd4a52cffae6ec9b87964a8eb39658d0ac953a2c851880ad37287e7016edd64ba4a9c9b6de47ac8ea4ce39a336ae3a357df430759454faefe73410eda0c739577aa0e34d9fb51190fd53129fe2e9697069d31c35bdb6a66cab945b44b3f2c89822fa598dce267210a14ec3c41b5692bb446dd47cc553079b915de52620754218f4dead02fb0b38339e37281c0b65ab86ebf38afe176c26cd9799e66fee5cb92eab9aef47c828226a6b3db0e6dface98f94f44b70e3a8b140c89a1eb2c436086b011ea88b0312199ee309c410941b53bc9e16a520dffde7c44f4fac5717a2bff4485ffb0000db771233e3c2c6af3c74dc21638bdb8abc5e6c8e82053d09062db9e5653f756da293a171ab2a894a4dd0ec858ff10342cdfb287991d70a3603b5d17ea1af188a157fcd13d9749121cfe47e8fa6859a8ffafbc3a7b9ed97462916439ca3d968c4cb884b0d7c9d983f37cec1fb3b5223e5413771e02c71ddef0c52b633c102f44d8657d3887fb75d428361b4327231451aac7d49c2ce44c217371699d6c1c00ea60a3cb84ad7a9b003bbceee9a20539d6763d22bb6358d514330ba0dd6297a2c9d3d2fca14ac36b7861a4c620289e7baa67c3f88031cb6dfcf34d9f5452cac0473e72006962c0884fc555af103138d6c228e35040f2ff643ab5421bef55a4532d652b43d14b781c9e64c1aa0267f567809507c66a4982baf554b326e7cc300384dcb"})

10:16:38 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x80)
setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000040)="36e4cdef168544411f40755da78f1a84f1701495183a3828a67ae9f5369536ffaf00932ee156946322", 0x29)
lookup_dcookie(0x3, &(0x7f0000000300)=""/170, 0xaa)
r1 = socket$inet(0x2, 0x800, 0x2)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000180)={<r2=>0x0, 0x6}, &(0x7f00000001c0)=0x8)
pipe(&(0x7f00000004c0)={<r3=>0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000400)=0xfffffffffffff27d, 0x4)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000200)={r2, @in6={{0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, [], 0x11}, 0x8}}, 0x0, 0xfffffffffffffffa, 0x47db5863, 0x80000000, 0x1}, &(0x7f00000002c0)=0x98)
getsockopt(r0, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)

10:16:38 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:38 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:39 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:39 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 5:
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c)
ioctl$KVM_GET_LAPIC(r0, 0x8400ae8e, &(0x7f0000000200)={"34cb923f65329c58c1ff6aa5078a1b85cce826c9fcfcfed7e2eec5169920118a6c5f00bc645cd26c299cc37c1af54422b4f55c0a4d6888988c7963642bfd504d1905fa5650df35f12829195ba0fb86799d8c9b46697098119d2e975eace396b80a898ae2da0693b8a387940838676ffc21ebed07a08af3048245fd0e84e0a152348aead4fcefa6c47c8d63d4e6e3e7acbe3b17325916cd326d0c03e5e18fa231625d624fae1c8af8084dfbc7e02328507c9432cd890d2b56e5c92d086f234e7dec4a867709c9898f336465b1362dadf69bcec734f80db2ae8a73027d4f22d06d9ae0b4be0459344f40353421f30fcca7ca0105a13684247fa0c0a3c40fbb443b55dc9e5692266e6ff36f1bb9e2c3183e5be909a6f7e7fb82a5dc9f90245d0324d5484ecb6128ac5323155d41da9a595f55ad40818ceb8b7cc223acf309dd8ac5ca341bc2bd579b929e75e1a3ab5433341b091c7f9b92ff756785d1a87525ecf78d33a5d67e911612fa93642d94ac93964b396ae1773e2802c23a3c4ad7ed79d1b7b98d2a06eec89c7b61e1095c8f2cab241149f2ffb6141a0c598caf42d46bf379f1ca143949e4184b3c1261e10a9f2ff89d7f7a4b2097fb4974e189cd17798bf177b81f274d58a392f912bb86dd16a1f6df1a0440de39c43cd48846a39465903a45a826a5e9f75cfd3ce35fd966d8b08628c08c86e62a6ab03053973b9c8124224db2691d89ae1ebf0e0f73752444bc9616b0da8ede2918c7ce7bce393b21b73a7b35e0a11e56222221a2daa6eb7ba44f9030f220e1330792fedcc0090e7e3a5e61b7bc210f36f02e841fdacc21a4315f11974ced81f7e9f061fd5f89135d68ffae4882b237eac175d12bd83391aab9dfb4fca2d27d69f901c0a9fe4da63600f54bf5cf3e4aaa519e85b656401c0f2ec613c4da928f865416dec50c07acdd46b11e689ad234a83c4425b42caac94e098015383384d15a8246e39bbe4477c2aab982805a80dfd83a83dd7d19f13d139b76de7e59a91a52dbe99008979b272f4a2ce0b416f4e7a2b6529fa96f2a8b4123cb5278013d731b65690022c5ee7b973b0ee8786fa810de33b8abf733bb63ecfeb9541a3c7748df94e7ec167f97c3a231061c8ebaa4176e5d7c2c7fb2fbe631bc8502b02eed54cde196249ef1fc76591684044f354b5530743dc71fcfcfd5b6493b6403ed41458fd7b1d2482e96105cf90efd6729735bf0eb580c1be023a251b95109543f69aeba909d1461503537b580012e7f5eca7ed18c0e5f018499a6068cad36cd82bac9c66d744a79c033cae1d963e2d681322d2124caf88270613be1f850cd9e032cd1aa0fc215ce2a5197c0dc3c25ebb7c49be45515ab102f6ad80e0ee32364f898a8e19b75bf2854066a0ecb550308844872b7cd3cca996426c8d3545b76d3b3cd0801af0fde4fec43967eba"})
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0)
setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000180)={{0x3, 0x400}, 0x60}, 0x10)
getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f00000006c0)={'filter\x00'}, &(0x7f0000000640)=0x44)
r2 = socket$inet(0x2, 0x5, 0x280000001)
ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000600)={r2, 0x5, 0x24c, "eedd7571734289cfec728df9a89c5cad65981120cc7b98dedcab320573234761766c022d285617e5b1ca1d79837857d526df3e4590"})
getsockopt(r2, 0x0, 0xce, &(0x7f0000000080)=""/203, &(0x7f0000000000)=0xcb)
ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000680)={'veth0_to_bond\x00', 0x5})

10:16:39 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
lsetxattr(&(0x7f00000001c0)='./control\x00', &(0x7f0000000200)=@random={'trusted.', '/dev/uinput\x00'}, &(0x7f0000000240)='\x00', 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x8000, 0x0)
getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000100)=""/68, &(0x7f0000000180)=0x44)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r2)

10:16:39 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:39 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:16:39 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:39 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:39 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:39 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:40 executing program 4 (fault-call:11 fault-nth:0):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:40 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  341.731468] FAULT_INJECTION: forcing a failure.
[  341.731468] name failslab, interval 1, probability 0, space 0, times 0
[  341.742797] CPU: 1 PID: 22863 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  341.751193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  341.760527] Call Trace:
[  341.763126]  dump_stack+0x1c9/0x2b4
[  341.766737]  ? dump_stack_print_info.cold.2+0x52/0x52
[  341.771922]  ? kasan_check_read+0x11/0x20
[  341.776071]  should_fail.cold.4+0xa/0x11
[  341.780115]  ? trace_hardirqs_on+0x10/0x10
[  341.784333]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  341.789415]  ? trace_hardirqs_off+0xd/0x10
[  341.793631]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[  341.798716]  ? add_timer+0x5f1/0x1410
[  341.802497]  ? __unlock_page_memcg+0x72/0x100
[  341.806970]  ? timer_reduce+0x15c0/0x15c0
[  341.811099]  ? page_add_new_anon_rmap+0x870/0x870
[  341.815945]  ? __init_rwsem+0x1cc/0x2a0
[  341.819903]  ? lock_acquire+0x1e4/0x540
[  341.823857]  ? fs_reclaim_acquire+0x20/0x20
[  341.828156]  ? lock_downgrade+0x8f0/0x8f0
[  341.832287]  ? lock_downgrade+0x8f0/0x8f0
[  341.836412]  ? check_same_owner+0x340/0x340
[  341.840712]  ? rcu_note_context_switch+0x730/0x730
[  341.845645]  ? pvclock_read_flags+0x160/0x160
[  341.850120]  __should_failslab+0x124/0x180
[  341.854336]  should_failslab+0x9/0x14
[  341.858123]  kmem_cache_alloc+0x2af/0x760
[  341.862251]  ? kvm_clock_read+0x25/0x30
[  341.866205]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  341.871203]  ? ktime_get_with_offset+0x32e/0x4b0
[  341.875954]  mmu_topup_memory_caches+0xf7/0x3a0
[  341.880616]  kvm_mmu_load+0x21/0x10e0
[  341.884396]  ? kasan_check_write+0x14/0x20
[  341.888610]  ? do_raw_spin_lock+0xc1/0x200
[  341.892825]  vcpu_enter_guest+0x3aa6/0x6090
[  341.897127]  ? kvm_set_msr_common+0x26a0/0x26a0
[  341.901782]  ? lock_acquire+0x1e4/0x540
[  341.905738]  ? vmx_vcpu_load+0xadf/0xff0
[  341.909776]  ? trace_hardirqs_on+0x10/0x10
[  341.913989]  ? vmx_vcpu_reset+0x1040/0x1040
[  341.918292]  ? find_get_entries_tag+0x1410/0x1410
[  341.923207]  ? lock_acquire+0x1e4/0x540
[  341.927160]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  341.932156]  ? lock_release+0xa30/0xa30
[  341.936105]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  341.941359]  ? kvm_arch_dev_ioctl+0x610/0x610
[  341.945830]  ? preempt_notifier_dec+0x20/0x20
[  341.950305]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  341.955132]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  341.960129]  kvm_vcpu_ioctl+0x7b8/0x1300
[  341.964168]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  341.969859]  ? lock_acquire+0x1e4/0x540
[  341.973820]  ? __fget+0x4ac/0x740
[  341.977252]  ? lock_downgrade+0x8f0/0x8f0
[  341.981380]  ? lock_release+0xa30/0xa30
[  341.985350]  ? pid_task+0x115/0x200
[  341.988965]  ? find_vpid+0xf0/0xf0
[  341.992573]  ? __f_unlock_pos+0x19/0x20
[  341.996527]  ? __fget+0x4d5/0x740
[  341.999976]  ? ksys_dup3+0x690/0x690
[  342.003775]  ? kasan_check_write+0x14/0x20
[  342.008019]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  342.012954]  ? fsnotify+0xbac/0x14e0
[  342.016662]  ? vfs_write+0x2f3/0x560
[  342.020364]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  342.026123]  do_vfs_ioctl+0x1de/0x1720
[  342.030001]  ? fsnotify_first_mark+0x350/0x350
[  342.034559]  ? __fsnotify_parent+0xcc/0x420
[  342.038859]  ? ioctl_preallocate+0x300/0x300
[  342.043249]  ? __fget_light+0x2f7/0x440
[  342.047197]  ? fget_raw+0x20/0x20
[  342.050627]  ? __sb_end_write+0xac/0xe0
[  342.054584]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  342.060102]  ? fput+0x130/0x1a0
[  342.063361]  ? ksys_write+0x1ae/0x260
[  342.067145]  ? security_file_ioctl+0x94/0xc0
[  342.071537]  ksys_ioctl+0xa9/0xd0
[  342.074972]  __x64_sys_ioctl+0x73/0xb0
[  342.078843]  do_syscall_64+0x1b9/0x820
[  342.082711]  ? syscall_slow_exit_work+0x500/0x500
[  342.087531]  ? syscall_return_slowpath+0x5e0/0x5e0
[  342.092437]  ? syscall_return_slowpath+0x31d/0x5e0
[  342.097346]  ? prepare_exit_to_usermode+0x291/0x3b0
[  342.102340]  ? perf_trace_sys_enter+0xb10/0xb10
[  342.106985]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  342.111809]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  342.116975] RIP: 0033:0x455e29
[  342.120137] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  342.139265] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  342.146952] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  342.154200] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  342.162151] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  342.169485] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
10:16:41 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=<r4=>0x0)
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
clock_gettime(0x0, &(0x7f0000000040)={<r5=>0x0, <r6=>0x0})
timer_settime(r4, 0x1, &(0x7f0000000100)={{r5, r6+10000000}, {0x0, 0x989680}}, &(0x7f0000000140))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:41 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:16:41 executing program 5 (fault-call:3 fault-nth:0):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:41 executing program 4 (fault-call:11 fault-nth:1):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  342.176731] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000000
[  342.229457] FAULT_INJECTION: forcing a failure.
[  342.229457] name failslab, interval 1, probability 0, space 0, times 0
[  342.240751] CPU: 1 PID: 22878 Comm: syz-executor5 Not tainted 4.18.0-rc3-next-20180709+ #2
[  342.249143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  342.258485] Call Trace:
[  342.261233]  dump_stack+0x1c9/0x2b4
[  342.264846]  ? dump_stack_print_info.cold.2+0x52/0x52
[  342.270036]  should_fail.cold.4+0xa/0x11
[  342.274340]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  342.279427]  ? rcu_note_context_switch+0x730/0x730
[  342.284346]  ? __mutex_lock+0x6c4/0x1680
[  342.288405]  ? blkpg_ioctl+0x54e/0xc40
[  342.292275]  ? mutex_trylock+0x2b0/0x2b0
[  342.296316]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  342.301312]  ? lock_acquire+0x1e4/0x540
[  342.305266]  ? fs_reclaim_acquire+0x20/0x20
[  342.309581]  ? lock_downgrade+0x8f0/0x8f0
[  342.313712]  ? check_same_owner+0x340/0x340
[  342.318014]  ? rcu_note_context_switch+0x730/0x730
[  342.322934]  ? disk_part_iter_next+0x518/0x890
10:16:41 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  342.327521]  __should_failslab+0x124/0x180
[  342.331745]  should_failslab+0x9/0x14
[  342.335528]  kmem_cache_alloc_trace+0x2cb/0x780
[  342.340171]  ? blk_free_devt+0x60/0x60
[  342.344037]  ? lock_release+0xa30/0xa30
[  342.347989]  ? lock_downgrade+0x8f0/0x8f0
[  342.352116]  add_partition+0x1f6/0xf60
[  342.355981]  ? disk_part_iter_next+0x541/0x890
[  342.360543]  ? drop_partitions.isra.13+0x200/0x200
[  342.365447]  ? disk_part_iter_init+0x2c4/0x4d0
[  342.370008]  ? put_disk_and_module+0x90/0x90
[  342.374409]  blkpg_ioctl+0xa25/0xc40
[  342.378103]  ? __fdget_pos+0x1bb/0x200
[  342.381970]  ? blk_ioctl_discard+0x3b0/0x3b0
[  342.386358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  342.391877]  ? _kstrtoull+0x188/0x250
[  342.395655]  ? _parse_integer+0x190/0x190
[  342.399796]  blkdev_ioctl+0x1885/0x2030
[  342.403749]  ? lock_acquire+0x1e4/0x540
[  342.407699]  ? blkpg_ioctl+0xc40/0xc40
[  342.411564]  ? lock_release+0xa30/0xa30
[  342.415517]  ? pid_task+0x115/0x200
[  342.419121]  ? find_vpid+0xf0/0xf0
[  342.422643]  ? __f_unlock_pos+0x19/0x20
[  342.426598]  ? __fget+0x4d5/0x740
[  342.430032]  ? ksys_dup3+0x690/0x690
[  342.433729]  ? kasan_check_write+0x14/0x20
[  342.437942]  block_ioctl+0xee/0x130
[  342.441568]  ? blkdev_fallocate+0x400/0x400
[  342.445875]  do_vfs_ioctl+0x1de/0x1720
[  342.449742]  ? fsnotify_first_mark+0x350/0x350
[  342.454303]  ? __fsnotify_parent+0xcc/0x420
[  342.458605]  ? ioctl_preallocate+0x300/0x300
[  342.462998]  ? __fget_light+0x2f7/0x440
[  342.466949]  ? fget_raw+0x20/0x20
[  342.470381]  ? __sb_end_write+0xac/0xe0
[  342.474336]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  342.479854]  ? fput+0x130/0x1a0
[  342.483113]  ? ksys_write+0x1ae/0x260
[  342.486927]  ? security_file_ioctl+0x94/0xc0
[  342.491311]  ksys_ioctl+0xa9/0xd0
[  342.494751]  __x64_sys_ioctl+0x73/0xb0
[  342.498618]  do_syscall_64+0x1b9/0x820
[  342.502484]  ? finish_task_switch+0x1d3/0x870
[  342.506955]  ? syscall_return_slowpath+0x5e0/0x5e0
[  342.511859]  ? syscall_return_slowpath+0x31d/0x5e0
[  342.516768]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  342.521760]  ? prepare_exit_to_usermode+0x291/0x3b0
[  342.526757]  ? perf_trace_sys_enter+0xb10/0xb10
[  342.531402]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  342.536229]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  342.541395] RIP: 0033:0x455e29
[  342.544560] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  342.563687] RSP: 002b:00007f3e61f1bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  342.571374] RAX: ffffffffffffffda RBX: 00007f3e61f1c6d4 RCX: 0000000000455e29
10:16:41 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:41 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  342.578621] RDX: 0000000020000040 RSI: 0000000000001269 RDI: 0000000000000014
[  342.585878] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  342.593125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
[  342.600372] R13: 00000000004bcaea R14: 00000000004cafd0 R15: 0000000000000000
[  342.648674] FAULT_INJECTION: forcing a failure.
[  342.648674] name failslab, interval 1, probability 0, space 0, times 0
[  342.660033] CPU: 0 PID: 22888 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  342.668427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  342.677758] Call Trace:
[  342.680334]  dump_stack+0x1c9/0x2b4
[  342.683944]  ? dump_stack_print_info.cold.2+0x52/0x52
[  342.689122]  ? __kernel_text_address+0xd/0x40
[  342.693600]  ? unwind_get_return_address+0x61/0xa0
[  342.698530]  should_fail.cold.4+0xa/0x11
[  342.702835]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  342.707943]  ? save_stack+0xa9/0xd0
[  342.711636]  ? kasan_kmalloc+0xc4/0xe0
[  342.715502]  ? kasan_slab_alloc+0x12/0x20
[  342.719640]  ? kmem_cache_alloc+0x12e/0x760
[  342.723950]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  342.728773]  ? kvm_mmu_load+0x21/0x10e0
[  342.732735]  ? vcpu_enter_guest+0x3aa6/0x6090
[  342.737224]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  342.742227]  ? do_vfs_ioctl+0x1de/0x1720
[  342.746273]  ? ksys_ioctl+0xa9/0xd0
[  342.749888]  ? __x64_sys_ioctl+0x73/0xb0
[  342.754038]  ? do_syscall_64+0x1b9/0x820
[  342.758089]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  342.763456]  ? lock_acquire+0x1e4/0x540
[  342.767415]  ? percpu_ref_put_many+0x119/0x240
[  342.771990]  ? lock_downgrade+0x8f0/0x8f0
[  342.776137]  ? lock_acquire+0x1e4/0x540
[  342.780093]  ? fs_reclaim_acquire+0x20/0x20
[  342.784408]  ? lock_downgrade+0x8f0/0x8f0
[  342.788549]  ? check_same_owner+0x340/0x340
[  342.792858]  ? rcu_note_context_switch+0x730/0x730
[  342.797777]  ? kasan_unpoison_shadow+0x35/0x50
[  342.802342]  __should_failslab+0x124/0x180
[  342.806569]  should_failslab+0x9/0x14
[  342.810352]  kmem_cache_alloc+0x2af/0x760
[  342.814482]  ? kvm_clock_read+0x25/0x30
[  342.818456]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  342.823458]  ? ktime_get_with_offset+0x32e/0x4b0
[  342.828206]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  342.833041]  mmu_topup_memory_caches+0xf7/0x3a0
[  342.837705]  kvm_mmu_load+0x21/0x10e0
[  342.841500]  ? kasan_check_write+0x14/0x20
[  342.845724]  ? do_raw_spin_lock+0xc1/0x200
[  342.849942]  vcpu_enter_guest+0x3aa6/0x6090
[  342.854247]  ? kvm_set_msr_common+0x26a0/0x26a0
[  342.858895]  ? lock_acquire+0x1e4/0x540
[  342.862853]  ? vmx_vcpu_load+0xadf/0xff0
[  342.866898]  ? vmx_vcpu_reset+0x1040/0x1040
[  342.871200]  ? find_get_entries_tag+0x1410/0x1410
[  342.876040]  ? lock_acquire+0x1e4/0x540
[  342.879997]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  342.884996]  ? lock_release+0xa30/0xa30
[  342.888963]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  342.894235]  ? kvm_arch_dev_ioctl+0x610/0x610
[  342.898722]  ? preempt_notifier_dec+0x20/0x20
[  342.903204]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  342.908026]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  342.913043]  kvm_vcpu_ioctl+0x7b8/0x1300
[  342.917087]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  342.922782]  ? lock_acquire+0x1e4/0x540
[  342.926736]  ? __fget+0x4ac/0x740
[  342.930165]  ? lock_downgrade+0x8f0/0x8f0
[  342.934292]  ? lock_release+0xa30/0xa30
[  342.938245]  ? pid_task+0x115/0x200
[  342.941848]  ? find_vpid+0xf0/0xf0
[  342.945368]  ? __f_unlock_pos+0x19/0x20
[  342.949321]  ? __fget+0x4d5/0x740
[  342.952752]  ? ksys_dup3+0x690/0x690
[  342.956448]  ? kasan_check_write+0x14/0x20
[  342.960753]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  342.965664]  ? fsnotify+0xbac/0x14e0
[  342.969358]  ? vfs_write+0x2f3/0x560
[  342.973055]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  342.978745]  do_vfs_ioctl+0x1de/0x1720
[  342.982614]  ? fsnotify_first_mark+0x350/0x350
[  342.987176]  ? __fsnotify_parent+0xcc/0x420
[  342.991489]  ? ioctl_preallocate+0x300/0x300
[  342.995880]  ? __fget_light+0x2f7/0x440
[  342.999851]  ? fget_raw+0x20/0x20
[  343.003290]  ? __sb_end_write+0xac/0xe0
[  343.007261]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  343.012784]  ? fput+0x130/0x1a0
[  343.016054]  ? ksys_write+0x1ae/0x260
[  343.019854]  ? security_file_ioctl+0x94/0xc0
[  343.024243]  ksys_ioctl+0xa9/0xd0
[  343.027679]  __x64_sys_ioctl+0x73/0xb0
[  343.031548]  do_syscall_64+0x1b9/0x820
[  343.035429]  ? finish_task_switch+0x1d3/0x870
[  343.039928]  ? syscall_return_slowpath+0x5e0/0x5e0
[  343.044846]  ? syscall_return_slowpath+0x31d/0x5e0
[  343.049757]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  343.054764]  ? prepare_exit_to_usermode+0x291/0x3b0
[  343.059774]  ? perf_trace_sys_enter+0xb10/0xb10
[  343.064423]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  343.069249]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  343.074420] RIP: 0033:0x455e29
[  343.077586] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  343.097167] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  343.105582] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  343.112847] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  343.120107] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  343.127357] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  343.134606] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000001
10:16:42 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:42 executing program 5 (fault-call:3 fault-nth:1):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:42 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
timer_create(0x1, &(0x7f0000000200)={0x0, 0x28, 0x4, @thr={&(0x7f0000000040)="88486458d24f286c8e95b26b10154e0858e55fb9c397ce1d8ba4f4", &(0x7f0000000100)="64ef461c8b9bd6e44ac68ecb693a1ddb3899956711a34eb1f09ac17c136386eee38239d8b39df65862e89e2a42c6e66f5e90e2f03444066f0489207e55f42d9b0a3151c12fdaa647e6b650b1eed8788f44e67de88a78aa1bb436e8d3cdb12e3d79a69cdbe2e73ea6759c0c2d82f05b85b1212cba8abc31f848e74ebd6285a8116a0c3446ee89aba1376153d41f4cc840e214b0a0c8ff0a7a2c24940495c05a63585092b0cd8ca68d7f159f5c8c73ecb1e7e66a19017faff5c19cb7b7a211d54faf"}}, &(0x7f0000000240))
close(r1)

[  343.196088] FAULT_INJECTION: forcing a failure.
[  343.196088] name failslab, interval 1, probability 0, space 0, times 0
[  343.207382] CPU: 0 PID: 22922 Comm: syz-executor5 Not tainted 4.18.0-rc3-next-20180709+ #2
[  343.215766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  343.225098] Call Trace:
[  343.227678]  dump_stack+0x1c9/0x2b4
[  343.231301]  ? dump_stack_print_info.cold.2+0x52/0x52
[  343.236483]  ? bpf_prog_kallsyms_find+0xde/0x4c0
[  343.241232]  should_fail.cold.4+0xa/0x11
[  343.245278]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  343.250369]  ? lock_release+0xa30/0xa30
[  343.254325]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  343.259329]  ? pcpu_next_fit_region.constprop.24+0x334/0x410
[  343.265112]  ? kasan_check_write+0x14/0x20
[  343.269331]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  343.274245]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  343.279266]  ? widen_string+0xe0/0x2e0
[  343.283153]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  343.288682]  ? lock_acquire+0x1e4/0x540
[  343.292664]  ? fs_reclaim_acquire+0x20/0x20
[  343.297479]  ? lock_downgrade+0x8f0/0x8f0
[  343.301624]  ? check_same_owner+0x340/0x340
[  343.305938]  ? rcu_note_context_switch+0x730/0x730
[  343.310892]  __should_failslab+0x124/0x180
[  343.315147]  should_failslab+0x9/0x14
[  343.319063]  __kmalloc_track_caller+0x2c4/0x760
[  343.323733]  ? pointer+0x990/0x990
[  343.327260]  ? mutex_trylock+0x2b0/0x2b0
[  343.331314]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  343.336317]  ? kvasprintf_const+0x67/0x190
[  343.340555]  kvasprintf+0xb1/0x140
[  343.344094]  ? bust_spinlocks+0xe0/0xe0
[  343.348083]  kvasprintf_const+0x67/0x190
[  343.352164]  kobject_set_name_vargs+0x5b/0x150
[  343.356760]  dev_set_name+0xad/0xe0
[  343.360406]  ? device_initialize+0x5f0/0x5f0
[  343.364828]  ? __lockdep_init_map+0x105/0x590
[  343.369350]  add_partition+0xa53/0xf60
[  343.373226]  ? drop_partitions.isra.13+0x200/0x200
[  343.378242]  ? disk_part_iter_init+0x2c4/0x4d0
[  343.382824]  ? put_disk_and_module+0x90/0x90
[  343.387222]  blkpg_ioctl+0xa25/0xc40
[  343.390916]  ? __fdget_pos+0x1bb/0x200
[  343.394796]  ? blk_ioctl_discard+0x3b0/0x3b0
[  343.399190]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  343.404712]  ? _kstrtoull+0x188/0x250
[  343.408507]  ? _parse_integer+0x190/0x190
[  343.412652]  blkdev_ioctl+0x1885/0x2030
[  343.416609]  ? lock_acquire+0x1e4/0x540
[  343.420565]  ? blkpg_ioctl+0xc40/0xc40
[  343.424446]  ? lock_release+0xa30/0xa30
[  343.428514]  ? pid_task+0x115/0x200
[  343.432125]  ? find_vpid+0xf0/0xf0
[  343.435645]  ? __f_unlock_pos+0x19/0x20
[  343.439599]  ? __fget+0x4d5/0x740
[  343.443034]  ? ksys_dup3+0x690/0x690
[  343.446732]  ? kasan_check_write+0x14/0x20
[  343.450948]  block_ioctl+0xee/0x130
[  343.454556]  ? blkdev_fallocate+0x400/0x400
[  343.458860]  do_vfs_ioctl+0x1de/0x1720
[  343.462728]  ? fsnotify_first_mark+0x350/0x350
[  343.467290]  ? __fsnotify_parent+0xcc/0x420
[  343.471594]  ? ioctl_preallocate+0x300/0x300
[  343.476004]  ? __fget_light+0x2f7/0x440
[  343.479968]  ? fget_raw+0x20/0x20
[  343.483405]  ? __sb_end_write+0xac/0xe0
[  343.487381]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  343.493332]  ? fput+0x130/0x1a0
[  343.496599]  ? ksys_write+0x1ae/0x260
[  343.500391]  ? security_file_ioctl+0x94/0xc0
[  343.504781]  ksys_ioctl+0xa9/0xd0
[  343.508320]  __x64_sys_ioctl+0x73/0xb0
[  343.512188]  do_syscall_64+0x1b9/0x820
[  343.516402]  ? finish_task_switch+0x1d3/0x870
[  343.520877]  ? syscall_return_slowpath+0x5e0/0x5e0
[  343.525786]  ? syscall_return_slowpath+0x31d/0x5e0
[  343.530705]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  343.535701]  ? prepare_exit_to_usermode+0x291/0x3b0
[  343.540707]  ? perf_trace_sys_enter+0xb10/0xb10
[  343.545445]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  343.550268]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  343.555444] RIP: 0033:0x455e29
[  343.558611] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  343.577746] RSP: 002b:00007f3e61f1bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  343.585465] RAX: ffffffffffffffda RBX: 00007f3e61f1c6d4 RCX: 0000000000455e29
[  343.592724] RDX: 0000000020000040 RSI: 0000000000001269 RDI: 0000000000000014
[  343.599971] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  343.607220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
[  343.614468] R13: 00000000004bcaea R14: 00000000004cafd0 R15: 0000000000000001
10:16:44 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:44 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:44 executing program 4 (fault-call:11 fault-nth:2):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:44 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:16:44 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:44 executing program 5 (fault-call:3 fault-nth:2):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:44 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8910, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = syz_open_dev$dspn(&(0x7f00000001c0)='/dev/dsp#\x00', 0x4, 0x20000)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000200)={{{@in6=@local, @in6=@ipv4={[], [], @multicast1}}}, {{@in=@broadcast}, 0x0, @in6=@remote}}, &(0x7f0000000300)=0xe8)
mmap(&(0x7f0000013000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x2})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
fremovexattr(r0, &(0x7f0000000340)=@known='security.ima\x00')
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0x2, 0x8449c2e48c2573c3)
tkill(r4, 0x1004000000016)
close(r2)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x10000, 0x0)

[  345.261616] FAULT_INJECTION: forcing a failure.
[  345.261616] name failslab, interval 1, probability 0, space 0, times 0
[  345.272981] CPU: 0 PID: 22939 Comm: syz-executor5 Not tainted 4.18.0-rc3-next-20180709+ #2
[  345.281400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  345.290767] Call Trace:
[  345.293376]  dump_stack+0x1c9/0x2b4
[  345.297025]  ? dump_stack_print_info.cold.2+0x52/0x52
[  345.302225]  ? __debug_object_init+0x581/0x12e0
[  345.307357]  should_fail.cold.4+0xa/0x11
[  345.311423]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  345.316553]  ? save_stack+0x43/0xd0
[  345.320177]  ? kasan_kmalloc+0xc4/0xe0
[  345.324056]  ? __kmalloc_track_caller+0x14a/0x760
[  345.329233]  ? kvasprintf+0xb1/0x140
[  345.332934]  ? kobject_set_name_vargs+0x5b/0x150
[  345.337677]  ? dev_set_name+0xad/0xe0
[  345.341466]  ? blkpg_ioctl+0xa25/0xc40
[  345.345345]  ? blkdev_ioctl+0x1885/0x2030
[  345.349484]  ? block_ioctl+0xee/0x130
[  345.353269]  ? do_vfs_ioctl+0x1de/0x1720
[  345.357321]  ? ksys_ioctl+0xa9/0xd0
[  345.360932]  ? __x64_sys_ioctl+0x73/0xb0
[  345.364988]  ? do_syscall_64+0x1b9/0x820
[  345.369043]  ? __lockdep_init_map+0x105/0x590
[  345.373535]  ? __lockdep_init_map+0x105/0x590
[  345.378034]  ? __lockdep_init_map+0x105/0x590
[  345.382543]  ? lock_acquire+0x1e4/0x540
[  345.386507]  ? fs_reclaim_acquire+0x20/0x20
[  345.390825]  ? lock_downgrade+0x8f0/0x8f0
[  345.394964]  ? check_same_owner+0x340/0x340
[  345.399283]  ? update_pm_runtime_accounting+0x1b0/0x1b0
[  345.404645]  ? rcu_note_context_switch+0x730/0x730
[  345.409589]  __should_failslab+0x124/0x180
[  345.413813]  should_failslab+0x9/0x14
[  345.417619]  kmem_cache_alloc_trace+0x2cb/0x780
[  345.422278]  ? refcount_add_not_zero+0x330/0x330
[  345.427028]  device_private_init+0x9f/0x240
[  345.431340]  ? virtual_device_parent+0x60/0x60
[  345.435925]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  345.441545]  device_add+0xef7/0x16f0
[  345.445248]  ? dev_set_name+0xad/0xe0
[  345.449035]  ? device_initialize+0x5f0/0x5f0
[  345.453427]  ? device_private_init+0x240/0x240
[  345.457997]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  345.463020]  add_partition+0x9f4/0xf60
[  345.466898]  ? drop_partitions.isra.13+0x200/0x200
[  345.471811]  ? disk_part_iter_init+0x2c4/0x4d0
[  345.476385]  ? put_disk_and_module+0x90/0x90
[  345.480785]  blkpg_ioctl+0xa25/0xc40
[  345.484487]  ? __fdget_pos+0x1bb/0x200
[  345.488370]  ? blk_ioctl_discard+0x3b0/0x3b0
[  345.492768]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  345.498290]  ? _kstrtoull+0x188/0x250
[  345.502076]  ? _parse_integer+0x190/0x190
[  345.506311]  blkdev_ioctl+0x1885/0x2030
[  345.510270]  ? lock_acquire+0x1e4/0x540
[  345.514226]  ? blkpg_ioctl+0xc40/0xc40
[  345.518110]  ? lock_release+0xa30/0xa30
[  345.522067]  ? pid_task+0x115/0x200
[  345.525680]  ? find_vpid+0xf0/0xf0
[  345.529204]  ? __f_unlock_pos+0x19/0x20
[  345.533163]  ? __fget+0x4d5/0x740
[  345.536611]  ? ksys_dup3+0x690/0x690
[  345.540317]  ? kasan_check_write+0x14/0x20
[  345.544538]  block_ioctl+0xee/0x130
[  345.548170]  ? blkdev_fallocate+0x400/0x400
[  345.552476]  do_vfs_ioctl+0x1de/0x1720
[  345.556346]  ? fsnotify_first_mark+0x350/0x350
[  345.560909]  ? __fsnotify_parent+0xcc/0x420
[  345.565215]  ? ioctl_preallocate+0x300/0x300
[  345.569618]  ? __fget_light+0x2f7/0x440
[  345.573578]  ? fget_raw+0x20/0x20
[  345.577020]  ? __sb_end_write+0xac/0xe0
[  345.580993]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  345.586531]  ? fput+0x130/0x1a0
[  345.589803]  ? ksys_write+0x1ae/0x260
[  345.593852]  ? security_file_ioctl+0x94/0xc0
[  345.598244]  ksys_ioctl+0xa9/0xd0
[  345.601683]  __x64_sys_ioctl+0x73/0xb0
[  345.605569]  do_syscall_64+0x1b9/0x820
[  345.609612]  ? finish_task_switch+0x1d3/0x870
[  345.614102]  ? syscall_return_slowpath+0x5e0/0x5e0
[  345.619026]  ? syscall_return_slowpath+0x31d/0x5e0
[  345.623942]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  345.628945]  ? prepare_exit_to_usermode+0x291/0x3b0
[  345.633953]  ? perf_trace_sys_enter+0xb10/0xb10
[  345.638608]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  345.643443]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  345.648619] RIP: 0033:0x455e29
[  345.651787] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  345.670987] RSP: 002b:00007f3e61f1bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  345.678693] RAX: ffffffffffffffda RBX: 00007f3e61f1c6d4 RCX: 0000000000455e29
[  345.685959] RDX: 0000000020000040 RSI: 0000000000001269 RDI: 0000000000000014
[  345.693234] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  345.700499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
10:16:44 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:44 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080))
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  345.707764] R13: 00000000004bcaea R14: 00000000004cafd0 R15: 0000000000000002
10:16:44 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:44 executing program 5 (fault-call:3 fault-nth:3):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:44 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  345.758305] FAULT_INJECTION: forcing a failure.
[  345.758305] name failslab, interval 1, probability 0, space 0, times 0
[  345.769653] CPU: 0 PID: 22943 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  345.778062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  345.787460] Call Trace:
[  345.790063]  dump_stack+0x1c9/0x2b4
[  345.793704]  ? dump_stack_print_info.cold.2+0x52/0x52
[  345.798903]  ? __kernel_text_address+0xd/0x40
[  345.803413]  ? unwind_get_return_address+0x61/0xa0
10:16:44 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
close(r0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040))
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
r4 = msgget$private(0x0, 0x148)
msgrcv(r4, &(0x7f0000000100)={0x0, ""/154}, 0xa2, 0x2, 0x0)
tkill(r3, 0x1004000000016)
close(r1)
ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f00000001c0)={{0x2, 0x4e21}, {0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x40, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 'bcsh0\x00'})

[  345.808351]  should_fail.cold.4+0xa/0x11
[  345.812420]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  345.817530]  ? save_stack+0xa9/0xd0
[  345.821171]  ? kasan_kmalloc+0xc4/0xe0
[  345.825081]  ? kasan_slab_alloc+0x12/0x20
[  345.829244]  ? kmem_cache_alloc+0x12e/0x760
[  345.832478] FAULT_INJECTION: forcing a failure.
[  345.832478] name failslab, interval 1, probability 0, space 0, times 0
[  345.833672]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  345.833688]  ? kvm_mmu_load+0x21/0x10e0
[  345.833702]  ? vcpu_enter_guest+0x3aa6/0x6090
[  345.833724]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  345.863192]  ? do_vfs_ioctl+0x1de/0x1720
[  345.867239]  ? ksys_ioctl+0xa9/0xd0
[  345.870877]  ? __x64_sys_ioctl+0x73/0xb0
[  345.874930]  ? do_syscall_64+0x1b9/0x820
[  345.878989]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  345.884350]  ? lock_acquire+0x1e4/0x540
[  345.888318]  ? percpu_ref_put_many+0x119/0x240
[  345.893241]  ? lock_downgrade+0x8f0/0x8f0
[  345.897388]  ? lock_acquire+0x1e4/0x540
[  345.901355]  ? fs_reclaim_acquire+0x20/0x20
[  345.905666]  ? lock_downgrade+0x8f0/0x8f0
[  345.909805]  ? check_same_owner+0x340/0x340
[  345.914122]  ? rcu_note_context_switch+0x730/0x730
[  345.919045]  ? kasan_unpoison_shadow+0x35/0x50
[  345.923621]  __should_failslab+0x124/0x180
[  345.927847]  should_failslab+0x9/0x14
[  345.931640]  kmem_cache_alloc+0x2af/0x760
[  345.935779]  ? kasan_check_write+0x14/0x20
[  345.940009]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  345.944848]  mmu_topup_memory_caches+0xf7/0x3a0
[  345.949532]  kvm_mmu_load+0x21/0x10e0
[  345.953330]  ? rcu_note_context_switch+0x730/0x730
[  345.958253]  ? filemap_map_pages+0xca2/0x1990
[  345.962750]  vcpu_enter_guest+0x3aa6/0x6090
[  345.967067]  ? kasan_check_write+0x14/0x20
[  345.971317]  ? __mutex_lock+0x6c4/0x1680
[  345.975386]  ? kvm_set_msr_common+0x26a0/0x26a0
[  345.980047]  ? lock_acquire+0x1e4/0x540
[  345.984016]  ? vmx_vcpu_load+0xadf/0xff0
[  345.988071]  ? trace_hardirqs_on+0x10/0x10
[  345.992300]  ? vmx_vcpu_reset+0x1040/0x1040
[  345.996616]  ? find_get_entries_tag+0x1410/0x1410
[  346.001663]  ? lock_acquire+0x1e4/0x540
[  346.005631]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  346.010642]  ? lock_release+0xa30/0xa30
[  346.014607]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  346.019878]  ? kvm_arch_dev_ioctl+0x610/0x610
[  346.024380]  ? preempt_notifier_dec+0x20/0x20
[  346.028870]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  346.033707]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  346.038718]  kvm_vcpu_ioctl+0x7b8/0x1300
[  346.042772]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  346.048479]  ? lock_acquire+0x1e4/0x540
[  346.052442]  ? __fget+0x4ac/0x740
[  346.055887]  ? lock_downgrade+0x8f0/0x8f0
[  346.060029]  ? lock_release+0xa30/0xa30
[  346.063994]  ? pid_task+0x115/0x200
[  346.067612]  ? find_vpid+0xf0/0xf0
[  346.071144]  ? __f_unlock_pos+0x19/0x20
[  346.075111]  ? __fget+0x4d5/0x740
[  346.078571]  ? ksys_dup3+0x690/0x690
[  346.082285]  ? kasan_check_write+0x14/0x20
[  346.086514]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  346.091435]  ? fsnotify+0xbac/0x14e0
[  346.095138]  ? vfs_write+0x2f3/0x560
[  346.098860]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  346.104563]  do_vfs_ioctl+0x1de/0x1720
[  346.108440]  ? fsnotify_first_mark+0x350/0x350
[  346.113013]  ? __fsnotify_parent+0xcc/0x420
[  346.117335]  ? ioctl_preallocate+0x300/0x300
[  346.121751]  ? __fget_light+0x2f7/0x440
[  346.125727]  ? fget_raw+0x20/0x20
[  346.129171]  ? __sb_end_write+0xac/0xe0
[  346.133425]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  346.138954]  ? fput+0x130/0x1a0
[  346.142232]  ? ksys_write+0x1ae/0x260
[  346.146041]  ? security_file_ioctl+0x94/0xc0
[  346.150475]  ksys_ioctl+0xa9/0xd0
[  346.153934]  __x64_sys_ioctl+0x73/0xb0
[  346.157815]  do_syscall_64+0x1b9/0x820
[  346.161706]  ? finish_task_switch+0x1d3/0x870
[  346.166221]  ? syscall_return_slowpath+0x5e0/0x5e0
[  346.171160]  ? syscall_return_slowpath+0x31d/0x5e0
[  346.176097]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  346.181107]  ? prepare_exit_to_usermode+0x291/0x3b0
[  346.186115]  ? perf_trace_sys_enter+0xb10/0xb10
[  346.190778]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  346.195629]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  346.200807] RIP: 0033:0x455e29
[  346.203982] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  346.223207] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  346.230908] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  346.238267] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  346.245544] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  346.252802] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  346.260890] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000002
[  346.268166] CPU: 1 PID: 22958 Comm: syz-executor5 Not tainted 4.18.0-rc3-next-20180709+ #2
[  346.276577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  346.285931] Call Trace:
[  346.288524]  dump_stack+0x1c9/0x2b4
[  346.292163]  ? dump_stack_print_info.cold.2+0x52/0x52
[  346.297376]  ? d_alloc_parallel+0x15a/0x1ea0
[  346.301795]  ? lookup_open+0x54f/0x1b40
[  346.305789]  should_fail.cold.4+0xa/0x11
[  346.309864]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  346.314990]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  346.320020]  ? bpf_prog_kallsyms_find+0xde/0x4c0
[  346.324788]  ? lock_acquire+0x1e4/0x540
[  346.328778]  ? fs_reclaim_acquire+0x20/0x20
[  346.333084]  ? lock_downgrade+0x8f0/0x8f0
[  346.337237]  ? check_same_owner+0x340/0x340
[  346.341546]  ? rcu_is_watching+0x8c/0x150
[  346.345677]  ? rcu_note_context_switch+0x730/0x730
[  346.350595]  __should_failslab+0x124/0x180
[  346.354830]  should_failslab+0x9/0x14
[  346.358613]  __kmalloc_track_caller+0x2c4/0x760
[  346.363273]  ? __kernel_text_address+0xd/0x40
[  346.367753]  ? unwind_get_return_address+0x61/0xa0
[  346.372678]  ? __save_stack_trace+0x8d/0xf0
[  346.376994]  ? kstrdup_const+0x66/0x80
[  346.380882]  kstrdup+0x39/0x70
[  346.384065]  kstrdup_const+0x66/0x80
[  346.387764]  __kernfs_new_node+0xb0/0x5a0
[  346.391900]  ? save_stack+0xa9/0xd0
[  346.395535]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[  346.400276]  ? kmem_cache_alloc_trace+0x152/0x780
[  346.405105]  ? device_private_init+0x9f/0x240
[  346.409585]  ? device_add+0xef7/0x16f0
[  346.413469]  ? add_partition+0x9f4/0xf60
[  346.417527]  ? lock_acquire+0x1e4/0x540
[  346.421486]  ? kobject_add_internal+0x31c/0xad0
[  346.426163]  ? lock_downgrade+0x8f0/0x8f0
[  346.430308]  kernfs_new_node+0x80/0xf0
[  346.434195]  kernfs_create_dir_ns+0x3d/0x140
[  346.438591]  sysfs_create_dir_ns+0xbe/0x1d0
[  346.442899]  kobject_add_internal+0x35c/0xad0
[  346.447381]  ? kobj_ns_type_registered+0x60/0x60
[  346.452127]  ? __device_link_free_srcu+0xb0/0xb0
[  346.456867]  ? lockdep_init_map+0x9/0x10
[  346.460912]  ? __raw_spin_lock_init+0x2d/0x100
[  346.465495]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  346.471020]  ? refcount_inc_not_zero+0x1e5/0x2f0
[  346.475765]  kobject_add+0x13f/0x1b0
[  346.479466]  ? kset_create_and_add+0x190/0x190
[  346.484033]  ? virtual_device_parent+0x60/0x60
[  346.488602]  device_add+0x3c4/0x16f0
[  346.492322]  ? device_private_init+0x240/0x240
[  346.496895]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  346.501900]  add_partition+0x9f4/0xf60
[  346.505778]  ? drop_partitions.isra.13+0x200/0x200
[  346.510692]  ? disk_part_iter_init+0x2c4/0x4d0
[  346.515271]  ? put_disk_and_module+0x90/0x90
[  346.519664]  blkpg_ioctl+0xa25/0xc40
[  346.523362]  ? __fdget_pos+0x1bb/0x200
[  346.527246]  ? blk_ioctl_discard+0x3b0/0x3b0
[  346.531640]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  346.537165]  ? _kstrtoull+0x188/0x250
[  346.540958]  ? _parse_integer+0x190/0x190
[  346.545114]  blkdev_ioctl+0x1885/0x2030
[  346.549075]  ? lock_acquire+0x1e4/0x540
[  346.553031]  ? blkpg_ioctl+0xc40/0xc40
[  346.556907]  ? lock_release+0xa30/0xa30
[  346.560870]  ? pid_task+0x115/0x200
[  346.564492]  ? find_vpid+0xf0/0xf0
[  346.568021]  ? __f_unlock_pos+0x19/0x20
[  346.571980]  ? __fget+0x4d5/0x740
[  346.575419]  ? ksys_dup3+0x690/0x690
[  346.579122]  ? kasan_check_write+0x14/0x20
[  346.583344]  block_ioctl+0xee/0x130
[  346.586956]  ? blkdev_fallocate+0x400/0x400
[  346.591261]  do_vfs_ioctl+0x1de/0x1720
[  346.595131]  ? fsnotify_first_mark+0x350/0x350
[  346.599700]  ? __fsnotify_parent+0xcc/0x420
[  346.604011]  ? ioctl_preallocate+0x300/0x300
[  346.608407]  ? __fget_light+0x2f7/0x440
[  346.612367]  ? fget_raw+0x20/0x20
[  346.615807]  ? __sb_end_write+0xac/0xe0
[  346.619855]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  346.625391]  ? fput+0x130/0x1a0
[  346.628653]  ? ksys_write+0x1ae/0x260
[  346.632441]  ? security_file_ioctl+0x94/0xc0
[  346.636845]  ksys_ioctl+0xa9/0xd0
[  346.640285]  __x64_sys_ioctl+0x73/0xb0
[  346.644157]  do_syscall_64+0x1b9/0x820
[  346.648033]  ? syscall_slow_exit_work+0x500/0x500
[  346.652859]  ? syscall_return_slowpath+0x5e0/0x5e0
[  346.657948]  ? syscall_return_slowpath+0x31d/0x5e0
[  346.662862]  ? prepare_exit_to_usermode+0x291/0x3b0
[  346.667863]  ? perf_trace_sys_enter+0xb10/0xb10
[  346.672517]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  346.677373]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  346.682545] RIP: 0033:0x455e29
[  346.685718] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  346.704890] RSP: 002b:00007f3e61f1bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
10:16:45 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:45 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  346.712591] RAX: ffffffffffffffda RBX: 00007f3e61f1c6d4 RCX: 0000000000455e29
[  346.719845] RDX: 0000000020000040 RSI: 0000000000001269 RDI: 0000000000000014
[  346.727104] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  346.734383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
[  346.741649] R13: 00000000004bcaea R14: 00000000004cafd0 R15: 0000000000000003
[  346.748964] kobject_add_internal failed for nbd0p8 (error: -12 parent: nbd0)
10:16:45 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:47 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:47 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x401070ca, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:47 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:47 executing program 4 (fault-call:11 fault-nth:3):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:47 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:47 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:16:47 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000140)='./control/file0\x00', 0x8)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
r4 = openat$cgroup_ro(r2, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x0, 0x0)
write$sndseq(r4, &(0x7f0000000100)=[{0x401, 0x885, 0x7, 0xfffffffffffffffa, @time={0x77359400}, {0x5, 0x8001}, {0xdaa, 0xfffffffffffffff9}, @raw8={"d6a4103e679c088c31bf3e5d"}}], 0x30)
close(r1)

10:16:47 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x5452, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:47 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d34")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  348.353445] FAULT_INJECTION: forcing a failure.
[  348.353445] name failslab, interval 1, probability 0, space 0, times 0
[  348.364757] CPU: 0 PID: 22996 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  348.373160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  348.382524] Call Trace:
[  348.385150]  dump_stack+0x1c9/0x2b4
[  348.388797]  ? dump_stack_print_info.cold.2+0x52/0x52
[  348.394091]  ? __kernel_text_address+0xd/0x40
[  348.398600]  ? unwind_get_return_address+0x61/0xa0
[  348.403547]  should_fail.cold.4+0xa/0x11
[  348.407627]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  348.412749]  ? save_stack+0xa9/0xd0
[  348.416396]  ? kasan_kmalloc+0xc4/0xe0
[  348.420292]  ? kasan_slab_alloc+0x12/0x20
[  348.424444]  ? kmem_cache_alloc+0x12e/0x760
[  348.428876]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  348.434134]  ? kvm_mmu_load+0x21/0x10e0
[  348.438119]  ? vcpu_enter_guest+0x3aa6/0x6090
[  348.442622]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  348.447648]  ? do_vfs_ioctl+0x1de/0x1720
[  348.451716]  ? ksys_ioctl+0xa9/0xd0
[  348.455357]  ? __x64_sys_ioctl+0x73/0xb0
[  348.459424]  ? do_syscall_64+0x1b9/0x820
[  348.463493]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  348.468869]  ? lock_acquire+0x1e4/0x540
[  348.472851]  ? percpu_ref_put_many+0x119/0x240
[  348.477445]  ? lock_downgrade+0x8f0/0x8f0
[  348.481607]  ? lock_acquire+0x1e4/0x540
[  348.485585]  ? fs_reclaim_acquire+0x20/0x20
[  348.489914]  ? lock_downgrade+0x8f0/0x8f0
[  348.494083]  ? check_same_owner+0x340/0x340
[  348.498418]  ? rcu_note_context_switch+0x730/0x730
[  348.503360]  ? kasan_unpoison_shadow+0x35/0x50
[  348.507958]  __should_failslab+0x124/0x180
[  348.512205]  should_failslab+0x9/0x14
[  348.516012]  kmem_cache_alloc+0x2af/0x760
[  348.520171]  ? kasan_check_write+0x14/0x20
[  348.524416]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  348.529270]  mmu_topup_memory_caches+0xf7/0x3a0
[  348.533957]  kvm_mmu_load+0x21/0x10e0
[  348.537761]  ? rcu_note_context_switch+0x730/0x730
[  348.542699]  ? filemap_map_pages+0xca2/0x1990
[  348.547200]  vcpu_enter_guest+0x3aa6/0x6090
[  348.551528]  ? kasan_check_write+0x14/0x20
[  348.555766]  ? __mutex_lock+0x6c4/0x1680
[  348.559839]  ? kvm_set_msr_common+0x26a0/0x26a0
[  348.564511]  ? lock_acquire+0x1e4/0x540
[  348.568521]  ? vmx_vcpu_load+0xadf/0xff0
[  348.572712]  ? trace_hardirqs_on+0x10/0x10
[  348.576952]  ? vmx_vcpu_reset+0x1040/0x1040
[  348.581276]  ? find_get_entries_tag+0x1410/0x1410
[  348.586130]  ? lock_acquire+0x1e4/0x540
[  348.590107]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  348.595127]  ? lock_release+0xa30/0xa30
[  348.599101]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  348.604378]  ? kvm_arch_dev_ioctl+0x610/0x610
[  348.608870]  ? preempt_notifier_dec+0x20/0x20
[  348.613370]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  348.618212]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  348.623257]  kvm_vcpu_ioctl+0x7b8/0x1300
[  348.627365]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  348.633082]  ? lock_acquire+0x1e4/0x540
[  348.637061]  ? __fget+0x4ac/0x740
[  348.640517]  ? lock_downgrade+0x8f0/0x8f0
[  348.644665]  ? lock_release+0xa30/0xa30
[  348.648639]  ? pid_task+0x115/0x200
[  348.652801]  ? find_vpid+0xf0/0xf0
[  348.656358]  ? __f_unlock_pos+0x19/0x20
[  348.660424]  ? __fget+0x4d5/0x740
[  348.663882]  ? ksys_dup3+0x690/0x690
[  348.667609]  ? kasan_check_write+0x14/0x20
[  348.671843]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  348.676793]  ? fsnotify+0xbac/0x14e0
[  348.680729]  ? vfs_write+0x2f3/0x560
[  348.684460]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  348.690182]  do_vfs_ioctl+0x1de/0x1720
[  348.694080]  ? fsnotify_first_mark+0x350/0x350
[  348.698666]  ? __fsnotify_parent+0xcc/0x420
[  348.702997]  ? ioctl_preallocate+0x300/0x300
[  348.707415]  ? __fget_light+0x2f7/0x440
[  348.711395]  ? fget_raw+0x20/0x20
[  348.714881]  ? __sb_end_write+0xac/0xe0
[  348.718862]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  348.724402]  ? fput+0x130/0x1a0
[  348.727701]  ? ksys_write+0x1ae/0x260
[  348.731503]  ? security_file_ioctl+0x94/0xc0
[  348.735914]  ksys_ioctl+0xa9/0xd0
[  348.739368]  __x64_sys_ioctl+0x73/0xb0
[  348.743263]  do_syscall_64+0x1b9/0x820
[  348.747152]  ? finish_task_switch+0x1d3/0x870
[  348.751664]  ? syscall_return_slowpath+0x5e0/0x5e0
[  348.756595]  ? syscall_return_slowpath+0x31d/0x5e0
[  348.761532]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  348.766555]  ? prepare_exit_to_usermode+0x291/0x3b0
[  348.771577]  ? perf_trace_sys_enter+0xb10/0xb10
[  348.776247]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  348.781080]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  348.786261] RIP: 0033:0x455e29
[  348.789428] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  348.808561] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  348.816267] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  348.823521] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  348.830777] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  348.838042] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  348.845319] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000003
10:16:48 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:48 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:48 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:48 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1268, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:48 executing program 4 (fault-call:11 fault-nth:4):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:48 executing program 6:
r0 = socket$inet6(0xa, 0x0, 0x2)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_create(0x7, &(0x7f0000000140)={0x0, 0x30, 0x4, @thr={&(0x7f0000000040), &(0x7f0000000100)="27c9dd3a1d314fa06949eccc136af92ef8d04e18d56d1f1ec5b99433f283b4457fce63d3d198"}}, &(0x7f0000000180))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
syz_open_procfs$namespace(r3, &(0x7f0000000040)='ns/pid_for_children\x00')
close(r1)
getpeername(r0, &(0x7f00000001c0)=@sco, &(0x7f0000000240)=0x80)

10:16:48 executing program 1 (fault-call:11 fault-nth:0):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  349.842137] FAULT_INJECTION: forcing a failure.
[  349.842137] name failslab, interval 1, probability 0, space 0, times 0
[  349.853560] CPU: 1 PID: 23026 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  349.861962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  349.871318] Call Trace:
[  349.873920]  dump_stack+0x1c9/0x2b4
[  349.877564]  ? dump_stack_print_info.cold.2+0x52/0x52
[  349.882766]  ? __kernel_text_address+0xd/0x40
[  349.887267]  ? unwind_get_return_address+0x61/0xa0
[  349.892210]  should_fail.cold.4+0xa/0x11
[  349.896281]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  349.901394]  ? save_stack+0xa9/0xd0
[  349.905036]  ? kasan_kmalloc+0xc4/0xe0
[  349.908931]  ? kasan_slab_alloc+0x12/0x20
[  349.913081]  ? kmem_cache_alloc+0x12e/0x760
[  349.917390]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  349.922230]  ? kvm_mmu_load+0x21/0x10e0
[  349.926198]  ? vcpu_enter_guest+0x3aa6/0x6090
[  349.930685]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  349.935694]  ? do_vfs_ioctl+0x1de/0x1720
[  349.939744]  ? ksys_ioctl+0xa9/0xd0
[  349.943357]  ? __x64_sys_ioctl+0x73/0xb0
[  349.947402]  ? do_syscall_64+0x1b9/0x820
[  349.951453]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  349.956893]  ? lock_acquire+0x1e4/0x540
[  349.960855]  ? percpu_ref_put_many+0x119/0x240
[  349.965423]  ? lock_downgrade+0x8f0/0x8f0
[  349.969585]  ? lock_acquire+0x1e4/0x540
[  349.973551]  ? fs_reclaim_acquire+0x20/0x20
[  349.977873]  ? lock_downgrade+0x8f0/0x8f0
[  349.982015]  ? check_same_owner+0x340/0x340
[  349.986326]  ? rcu_note_context_switch+0x730/0x730
[  349.991241]  ? kasan_unpoison_shadow+0x35/0x50
[  349.995804]  __should_failslab+0x124/0x180
[  350.000030]  should_failslab+0x9/0x14
[  350.003816]  kmem_cache_alloc+0x2af/0x760
[  350.007948]  ? kasan_check_write+0x14/0x20
[  350.012168]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  350.017023]  mmu_topup_memory_caches+0xf7/0x3a0
[  350.021687]  kvm_mmu_load+0x21/0x10e0
[  350.025470]  ? rcu_note_context_switch+0x730/0x730
[  350.030398]  ? filemap_map_pages+0xca2/0x1990
[  350.034890]  vcpu_enter_guest+0x3aa6/0x6090
[  350.039210]  ? kasan_check_write+0x14/0x20
[  350.043439]  ? __mutex_lock+0x6c4/0x1680
[  350.047501]  ? kvm_set_msr_common+0x26a0/0x26a0
[  350.052156]  ? lock_acquire+0x1e4/0x540
[  350.056118]  ? vmx_vcpu_load+0xadf/0xff0
[  350.060162]  ? trace_hardirqs_on+0x10/0x10
[  350.064397]  ? vmx_vcpu_reset+0x1040/0x1040
[  350.068707]  ? find_get_entries_tag+0x1410/0x1410
[  350.073545]  ? lock_acquire+0x1e4/0x540
[  350.077517]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  350.082533]  ? lock_release+0xa30/0xa30
[  350.086512]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  350.091791]  ? retint_kernel+0x10/0x10
[  350.095682]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  350.100509]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  350.105510]  kvm_vcpu_ioctl+0x7b8/0x1300
[  350.109559]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  350.115259]  ? lock_acquire+0x1e4/0x540
[  350.119218]  ? __fget+0x4ac/0x740
[  350.122657]  ? lock_downgrade+0x8f0/0x8f0
[  350.126804]  ? lock_release+0xa30/0xa30
[  350.130787]  ? pid_task+0x115/0x200
[  350.134407]  ? find_vpid+0xf0/0xf0
[  350.138122]  ? __f_unlock_pos+0x19/0x20
[  350.142085]  ? __fget+0x4d5/0x740
[  350.145564]  ? ksys_dup3+0x690/0x690
[  350.149356]  ? kasan_check_write+0x14/0x20
[  350.153590]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  350.158516]  ? fsnotify+0xbac/0x14e0
[  350.162229]  ? vfs_write+0x2f3/0x560
[  350.165951]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  350.171653]  do_vfs_ioctl+0x1de/0x1720
[  350.175528]  ? fsnotify_first_mark+0x350/0x350
[  350.180099]  ? __fsnotify_parent+0xcc/0x420
[  350.184439]  ? ioctl_preallocate+0x300/0x300
[  350.188830]  ? __fget_light+0x2f7/0x440
[  350.192793]  ? fget_raw+0x20/0x20
[  350.196259]  ? __sb_end_write+0xac/0xe0
[  350.200221]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  350.205739]  ? fput+0x130/0x1a0
[  350.209022]  ? ksys_write+0x1ae/0x260
[  350.212822]  ? security_file_ioctl+0x94/0xc0
[  350.217218]  ksys_ioctl+0xa9/0xd0
[  350.220667]  __x64_sys_ioctl+0x73/0xb0
[  350.224552]  do_syscall_64+0x1b9/0x820
[  350.228434]  ? finish_task_switch+0x1d3/0x870
[  350.232921]  ? syscall_return_slowpath+0x5e0/0x5e0
[  350.237843]  ? syscall_return_slowpath+0x31d/0x5e0
[  350.242768]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  350.247776]  ? prepare_exit_to_usermode+0x291/0x3b0
[  350.252796]  ? perf_trace_sys_enter+0xb10/0xb10
[  350.257458]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  350.262316]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  350.267502] RIP: 0033:0x455e29
[  350.270671] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  350.289800] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  350.297500] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  350.304754] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  350.312012] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  350.319275] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  350.326720] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000004
10:16:50 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:50 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x401070c9, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:50 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:50 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2), 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:50 executing program 4 (fault-call:11 fault-nth:5):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:50 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:50 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x40001, 0x32, r0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:50 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x401870cb, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:50 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  351.407134] FAULT_INJECTION: forcing a failure.
[  351.407134] name failslab, interval 1, probability 0, space 0, times 0
[  351.418488] CPU: 1 PID: 23070 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  351.426897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  351.436256] Call Trace:
[  351.438864]  dump_stack+0x1c9/0x2b4
[  351.442509]  ? dump_stack_print_info.cold.2+0x52/0x52
[  351.447715]  ? __kernel_text_address+0xd/0x40
[  351.452221]  ? unwind_get_return_address+0x61/0xa0
[  351.457169]  should_fail.cold.4+0xa/0x11
[  351.461248]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  351.466366]  ? save_stack+0xa9/0xd0
[  351.470014]  ? kasan_kmalloc+0xc4/0xe0
[  351.473922]  ? kasan_slab_alloc+0x12/0x20
[  351.478110]  ? kmem_cache_alloc+0x12e/0x760
[  351.482443]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  351.487306]  ? kvm_mmu_load+0x21/0x10e0
[  351.491294]  ? vcpu_enter_guest+0x3aa6/0x6090
[  351.495783]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  351.500791]  ? do_vfs_ioctl+0x1de/0x1720
[  351.504865]  ? ksys_ioctl+0xa9/0xd0
[  351.508484]  ? __x64_sys_ioctl+0x73/0xb0
[  351.512543]  ? do_syscall_64+0x1b9/0x820
[  351.516598]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  351.522047]  ? lock_acquire+0x1e4/0x540
[  351.526012]  ? percpu_ref_put_many+0x119/0x240
[  351.530591]  ? lock_downgrade+0x8f0/0x8f0
[  351.534730]  ? lock_acquire+0x1e4/0x540
[  351.538691]  ? fs_reclaim_acquire+0x20/0x20
[  351.543020]  ? lock_downgrade+0x8f0/0x8f0
[  351.547167]  ? check_same_owner+0x340/0x340
[  351.551484]  ? rcu_note_context_switch+0x730/0x730
[  351.556408]  ? kasan_unpoison_shadow+0x35/0x50
[  351.560993]  __should_failslab+0x124/0x180
[  351.565226]  should_failslab+0x9/0x14
[  351.569025]  kmem_cache_alloc+0x2af/0x760
[  351.573191]  ? kasan_check_write+0x14/0x20
[  351.577417]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  351.582261]  mmu_topup_memory_caches+0xf7/0x3a0
[  351.586932]  kvm_mmu_load+0x21/0x10e0
[  351.590740]  ? rcu_note_context_switch+0x730/0x730
[  351.595683]  ? filemap_map_pages+0xca2/0x1990
[  351.600193]  vcpu_enter_guest+0x3aa6/0x6090
[  351.604525]  ? kasan_check_write+0x14/0x20
[  351.608757]  ? __mutex_lock+0x6c4/0x1680
[  351.612817]  ? kvm_set_msr_common+0x26a0/0x26a0
[  351.617482]  ? vmx_vcpu_load+0xadf/0xff0
[  351.621534]  ? trace_hardirqs_on+0x10/0x10
[  351.625758]  ? vmx_vcpu_reset+0x1040/0x1040
[  351.630068]  ? find_get_entries_tag+0x1410/0x1410
[  351.634904]  ? __account_cfs_rq_runtime+0x770/0x770
[  351.639930]  ? lock_acquire+0x1e4/0x540
[  351.643908]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  351.648920]  ? lock_release+0xa30/0xa30
[  351.652879]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  351.658144]  ? kvm_arch_dev_ioctl+0x610/0x610
[  351.662626]  ? preempt_notifier_dec+0x20/0x20
[  351.667204]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  351.672040]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  351.677055]  kvm_vcpu_ioctl+0x7b8/0x1300
[  351.681104]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  351.686810]  ? lock_acquire+0x1e4/0x540
[  351.690770]  ? __fget+0x4ac/0x740
[  351.694215]  ? lock_downgrade+0x8f0/0x8f0
[  351.698349]  ? lock_release+0xa30/0xa30
[  351.702306]  ? pid_task+0x115/0x200
[  351.705923]  ? find_vpid+0xf0/0xf0
[  351.709459]  ? __f_unlock_pos+0x19/0x20
[  351.713419]  ? __fget+0x4d5/0x740
[  351.716860]  ? ksys_dup3+0x690/0x690
[  351.720578]  ? kasan_check_write+0x14/0x20
[  351.724806]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  351.729731]  ? fsnotify+0xbac/0x14e0
[  351.733434]  ? vfs_write+0x2f3/0x560
[  351.737141]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  351.742847]  do_vfs_ioctl+0x1de/0x1720
[  351.746728]  ? fsnotify_first_mark+0x350/0x350
[  351.751306]  ? __fsnotify_parent+0xcc/0x420
[  351.755616]  ? ioctl_preallocate+0x300/0x300
[  351.760013]  ? __fget_light+0x2f7/0x440
[  351.763986]  ? fget_raw+0x20/0x20
[  351.767429]  ? __sb_end_write+0xac/0xe0
[  351.771392]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  351.776915]  ? fput+0x130/0x1a0
[  351.780178]  ? ksys_write+0x1ae/0x260
[  351.783984]  ? security_file_ioctl+0x94/0xc0
[  351.788388]  ksys_ioctl+0xa9/0xd0
[  351.791832]  __x64_sys_ioctl+0x73/0xb0
[  351.795715]  do_syscall_64+0x1b9/0x820
[  351.799594]  ? syscall_slow_exit_work+0x500/0x500
[  351.804422]  ? syscall_return_slowpath+0x5e0/0x5e0
[  351.809347]  ? syscall_return_slowpath+0x31d/0x5e0
[  351.814266]  ? prepare_exit_to_usermode+0x291/0x3b0
[  351.819272]  ? perf_trace_sys_enter+0xb10/0xb10
[  351.823936]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  351.828785]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  351.833964] RIP: 0033:0x455e29
[  351.837136] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  351.856395] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  351.864101] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  351.871373] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  351.878640] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  351.885920] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  351.893189] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000005
10:16:51 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:51 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f76")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:51 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1264, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:51 executing program 4 (fault-call:11 fault-nth:6):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:51 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x4000000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:51 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:51 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
r2 = add_key(&(0x7f0000000280)='.dead\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000300)="6261e9e92ab1215880aabad8eb0ff5a7478283f008c37b0773f10689186f4c78451190524cbc6ecb8738d1b09c58021b524b2dba0f31e5c8be1157dc795b9174147f007d3ce0fa2b3c1a1ab80fc2e96d7a92d407a40a811e0552c837ce1a00342de0d3cb2315c8fd07f8c17418aeb3d0a637d186f05a388ea976a954fe87b2218952f21d81b3a5fc5b6ffaffef069d1a4290c30da5f865521a4a4b2a43eac86409ec716dd992a7ff8cd1580362198efef5a87bda66dfc196f3a69612f07c21f0f11eb59f1fdcf344940fe054250e0cc524df030a5e909d", 0xd7, 0xfffffffffffffff9)
add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000180)="3ab0cb58f5a1443261e8b1e09774053924cf13a4f3d8e6d39941fd5219c60c894743ef4ea793f6c0f6e058ea923ee26c92b5d1d2c609bea6fc58e83871a29ec5a204062f32cf96bcef55c32d17abca9c84fca4a3af2ce59ffa9d7b088547b9c7e38fdc94d26d0153bac2714db6efda454ae442b4b5e4ab18cb9b309ce7cda8de2a2fcc15db89f96abb4478fb51f7ca73e03e8d0bb28ee7463e515c6b6724ba8407bb90fe83c209ef135e8dd7d99f55f92614e3986dd03c89faa843ccea2bdf13f5d6c72e9c3f72d863cbf00316f335a64f57f3250dcb3a6e0e4d50542215711ef409cc923d121b1df721bbcc602132cd77463c727e6266", 0xf7, r2)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000400)={0x0, @multicast1=0xe0000001, 0x4e24, 0x1, 'ovf\x00', 0x28, 0x1, 0x36}, 0x2c)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x40, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, 0x8)

10:16:51 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1263, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:51 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:51 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:51 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x127c, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  352.913357] FAULT_INJECTION: forcing a failure.
[  352.913357] name failslab, interval 1, probability 0, space 0, times 0
[  352.924673] CPU: 1 PID: 23097 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  352.933079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  352.942524] Call Trace:
[  352.945245]  dump_stack+0x1c9/0x2b4
[  352.948888]  ? dump_stack_print_info.cold.2+0x52/0x52
[  352.954090]  ? __kernel_text_address+0xd/0x40
[  352.958615]  ? unwind_get_return_address+0x61/0xa0
10:16:51 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x80081272, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  352.963559]  should_fail.cold.4+0xa/0x11
[  352.967638]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  352.972753]  ? save_stack+0xa9/0xd0
[  352.976390]  ? kasan_kmalloc+0xc4/0xe0
[  352.980284]  ? kasan_slab_alloc+0x12/0x20
[  352.984441]  ? kmem_cache_alloc+0x12e/0x760
[  352.988863]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  352.993728]  ? kvm_mmu_load+0x21/0x10e0
[  352.997716]  ? vcpu_enter_guest+0x3aa6/0x6090
[  353.002218]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  353.007239]  ? do_vfs_ioctl+0x1de/0x1720
10:16:51 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f7620")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  353.011301]  ? ksys_ioctl+0xa9/0xd0
[  353.014929]  ? __x64_sys_ioctl+0x73/0xb0
[  353.018998]  ? do_syscall_64+0x1b9/0x820
[  353.023070]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  353.028619]  ? lock_acquire+0x1e4/0x540
[  353.032612]  ? percpu_ref_put_many+0x119/0x240
[  353.037209]  ? lock_downgrade+0x8f0/0x8f0
[  353.041369]  ? lock_acquire+0x1e4/0x540
[  353.045356]  ? fs_reclaim_acquire+0x20/0x20
[  353.049692]  ? lock_downgrade+0x8f0/0x8f0
[  353.053863]  ? check_same_owner+0x340/0x340
[  353.058202]  ? rcu_note_context_switch+0x730/0x730
10:16:52 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0xc0045878, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:52 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  353.063147]  ? kasan_unpoison_shadow+0x35/0x50
[  353.067748]  __should_failslab+0x124/0x180
[  353.072001]  should_failslab+0x9/0x14
[  353.075812]  kmem_cache_alloc+0x2af/0x760
[  353.079969]  ? kasan_check_write+0x14/0x20
[  353.084217]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  353.090245]  mmu_topup_memory_caches+0xf7/0x3a0
[  353.095479]  kvm_mmu_load+0x21/0x10e0
[  353.099292]  ? rcu_note_context_switch+0x730/0x730
[  353.104236]  vcpu_enter_guest+0x3aa6/0x6090
[  353.108830]  ? kasan_check_write+0x14/0x20
[  353.113071]  ? __mutex_lock+0x6c4/0x1680
[  353.117139]  ? kvm_set_msr_common+0x26a0/0x26a0
[  353.121829]  ? cpuacct_charge+0x30a/0x5d0
[  353.126006]  ? vmx_vcpu_load+0xadf/0xff0
[  353.130080]  ? trace_hardirqs_on+0x10/0x10
[  353.134315]  ? vmx_vcpu_reset+0x1040/0x1040
[  353.138636]  ? update_curr+0x4e7/0xc00
[  353.142531]  ? find_get_entries_tag+0x1410/0x1410
[  353.147378]  ? __account_cfs_rq_runtime+0x770/0x770
[  353.152408]  ? lock_acquire+0x1e4/0x540
[  353.156390]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  353.161412]  ? lock_release+0xa30/0xa30
[  353.165376]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  353.170644]  ? kvm_arch_dev_ioctl+0x610/0x610
[  353.175169]  ? preempt_notifier_dec+0x20/0x20
[  353.179659]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  353.184497]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  353.189504]  kvm_vcpu_ioctl+0x7b8/0x1300
[  353.193567]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  353.199285]  ? lock_acquire+0x1e4/0x540
[  353.203338]  ? __fget+0x4ac/0x740
[  353.206788]  ? lock_downgrade+0x8f0/0x8f0
[  353.210947]  ? lock_release+0xa30/0xa30
[  353.214921]  ? pid_task+0x115/0x200
[  353.218565]  ? find_vpid+0xf0/0xf0
[  353.222107]  ? __f_unlock_pos+0x19/0x20
[  353.226108]  ? __fget+0x4d5/0x740
[  353.229558]  ? ksys_dup3+0x690/0x690
[  353.233277]  ? kasan_check_write+0x14/0x20
[  353.237523]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  353.242448]  ? fsnotify+0xbac/0x14e0
[  353.246158]  ? vfs_write+0x2f3/0x560
[  353.249887]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  353.255607]  do_vfs_ioctl+0x1de/0x1720
[  353.259495]  ? fsnotify_first_mark+0x350/0x350
[  353.264074]  ? __fsnotify_parent+0xcc/0x420
[  353.268381]  ? ioctl_preallocate+0x300/0x300
[  353.272790]  ? __fget_light+0x2f7/0x440
[  353.276765]  ? fget_raw+0x20/0x20
[  353.280216]  ? __sb_end_write+0xac/0xe0
[  353.284188]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  353.289717]  ? fput+0x130/0x1a0
[  353.292994]  ? ksys_write+0x1ae/0x260
[  353.296797]  ? security_file_ioctl+0x94/0xc0
[  353.301216]  ksys_ioctl+0xa9/0xd0
[  353.304673]  __x64_sys_ioctl+0x73/0xb0
[  353.308551]  do_syscall_64+0x1b9/0x820
[  353.312426]  ? syscall_slow_exit_work+0x500/0x500
[  353.317266]  ? syscall_return_slowpath+0x5e0/0x5e0
[  353.322193]  ? syscall_return_slowpath+0x31d/0x5e0
[  353.327122]  ? prepare_exit_to_usermode+0x291/0x3b0
[  353.332132]  ? perf_trace_sys_enter+0xb10/0xb10
[  353.336800]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  353.341631]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  353.346813] RIP: 0033:0x455e29
[  353.349990] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  353.369168] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  353.376930] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  353.384197] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  353.391463] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  353.398731] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  353.406004] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000006
[  353.966650] FAULT_FLAG_ALLOW_RETRY missing 30
[  353.971241] CPU: 1 PID: 23104 Comm: syz-executor6 Not tainted 4.18.0-rc3-next-20180709+ #2
[  353.979668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  353.989012] Call Trace:
[  353.991598]  dump_stack+0x1c9/0x2b4
[  353.995221]  ? dump_stack_print_info.cold.2+0x52/0x52
[  354.000402]  ? kasan_check_write+0x14/0x20
[  354.004637]  ? do_raw_spin_lock+0xc1/0x200
[  354.008885]  handle_userfault.cold.33+0x47/0x62
[  354.013559]  ? userfaultfd_ioctl+0x5420/0x5420
[  354.018134]  ? trace_hardirqs_on+0x10/0x10
[  354.022367]  ? lock_acquire+0x1e4/0x540
[  354.026332]  ? cgroup_get_e_css+0x1bf/0xb30
[  354.030665]  ? lock_downgrade+0x8f0/0x8f0
[  354.034824]  ? lock_release+0xa30/0xa30
[  354.038810]  ? cgroup_css.part.15+0x12c/0x200
[  354.043304]  ? userfaultfd_ctx_put+0x810/0x810
[  354.047889]  ? cgroup_get_e_css+0x1a0/0xb30
[  354.052203]  ? lock_acquire+0x1e4/0x540
[  354.056163]  ? wb_get_create+0x35e/0x1f10
[  354.060308]  ? lock_downgrade+0x8f0/0x8f0
[  354.064453]  ? trace_hardirqs_on+0x10/0x10
[  354.068688]  ? lock_acquire+0x1e4/0x540
[  354.072649]  ? __handle_mm_fault+0x3a24/0x4480
[  354.077226]  ? lock_downgrade+0x8f0/0x8f0
[  354.081382]  ? kasan_check_read+0x11/0x20
[  354.085534]  ? do_raw_spin_unlock+0xa7/0x2f0
[  354.090037]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  354.094628]  ? kasan_check_write+0x14/0x20
[  354.098872]  ? do_raw_spin_lock+0xc1/0x200
[  354.103107]  __handle_mm_fault+0x3a31/0x4480
[  354.107503]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[  354.112344]  ? debug_check_no_obj_freed+0x30b/0x595
[  354.117356]  ? __wake_up_common_lock+0x1d0/0x330
[  354.122115]  ? lock_acquire+0x1e4/0x540
[  354.126099]  ? handle_mm_fault+0x417/0xc80
[  354.130331]  ? lock_downgrade+0x8f0/0x8f0
[  354.134476]  ? lock_release+0xa30/0xa30
[  354.138439]  ? rcu_note_context_switch+0x730/0x730
[  354.143365]  ? mem_cgroup_from_task+0xcb/0x1f0
[  354.147987]  ? mem_cgroup_css_online+0x3c0/0x3c0
[  354.152751]  handle_mm_fault+0x53e/0xc80
[  354.156808]  ? __handle_mm_fault+0x4480/0x4480
[  354.161385]  ? find_vma+0x34/0x190
[  354.164915]  __do_page_fault+0x620/0xe50
[  354.168967]  ? mm_fault_error+0x380/0x380
[  354.173112]  do_page_fault+0xf6/0x8c0
[  354.176946]  ? vmalloc_sync_all+0x30/0x30
[  354.181091]  ? do_raw_spin_lock+0xc1/0x200
[  354.185329]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  354.190856]  ? __mark_inode_dirty+0x495/0x1550
[  354.195442]  ? __inode_attach_wb+0x13e0/0x13e0
[  354.200023]  ? ext4_xattr_inode_set_class+0x60/0x60
[  354.205052]  ? get_futex_value_locked+0xcb/0xf0
[  354.209722]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  354.214585]  page_fault+0x1e/0x30
[  354.218054] RIP: 0010:iov_iter_fault_in_readable+0x1bf/0x460
[  354.223839] Code: ff ff ff 76 17 eb 3f e8 7f 9e 1b fe 49 81 c4 00 10 00 00 4c 39 a5 30 ff ff ff 72 32 e8 6a 9e 1b fe 0f 1f 00 0f ae e8 45 31 ed <41> 8a 14 24 0f 1f 00 31 ff 44 89 ee 88 95 58 ff ff ff e8 5a 9f 1b 
[  354.242978] RSP: 0018:ffff88019537f688 EFLAGS: 00010246
[  354.248420] RAX: 0000000000040000 RBX: 1ffff10032a6fed3 RCX: ffffc90008246000
[  354.255711] RDX: 00000000000002be RSI: ffffffff8360dbf6 RDI: 0000000000000005
[  354.262975] RBP: ffff88019537f760 R08: ffff8801b6572300 R09: ffffed0034f26e3b
[  354.270231] R10: ffffed0034f26e3b R11: ffff8801a79371db R12: 0000000020011fd2
[  354.277487] R13: 0000000000000000 R14: 0000000000000030 R15: ffff88019537fbc8
[  354.284763]  ? iov_iter_fault_in_readable+0x1b6/0x460
[  354.289965]  ? iov_iter_fault_in_readable+0x1b6/0x460
[  354.295138]  ? copy_page_from_iter+0x890/0x890
[  354.299711]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  354.304731]  ? ktime_get_coarse_real_ts64+0x243/0x3a0
[  354.309905]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  354.315430]  ? timespec64_trunc+0xea/0x180
[  354.319647]  ? inode_init_owner+0x340/0x340
[  354.323952]  generic_perform_write+0x21b/0x6c0
[  354.328537]  ? generic_update_time+0x26a/0x450
[  354.333109]  ? add_page_wait_queue+0x2c0/0x2c0
[  354.337683]  ? file_update_time+0xe4/0x640
[  354.341910]  ? current_time+0x1b0/0x1b0
[  354.345873]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  354.350873]  ? generic_write_checks+0x385/0x5d0
[  354.355539]  ? page_endio+0x630/0x630
[  354.359334]  ? ext4_file_write_iter+0x2a1/0x1430
[  354.364086]  __generic_file_write_iter+0x26e/0x630
[  354.369018]  ext4_file_write_iter+0x390/0x1430
[  354.373618]  ? kernel_text_address+0x79/0xf0
[  354.378042]  ? ext4_file_mmap+0x410/0x410
[  354.382195]  ? __fget+0x4d5/0x740
[  354.386089]  ? ksys_dup3+0x690/0x690
[  354.389801]  ? save_stack+0xa9/0xd0
[  354.393426]  ? save_stack+0x43/0xd0
[  354.397056]  ? __kasan_slab_free+0x11a/0x170
[  354.401459]  ? kasan_slab_free+0xe/0x10
[  354.405425]  ? kmem_cache_free+0x86/0x2d0
[  354.409575]  ? putname+0xf2/0x130
[  354.413018]  ? do_sys_open+0x569/0x720
10:16:53 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x40081271, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:53 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:53 executing program 4 (fault-call:11 fault-nth:7):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:53 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:53 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:53 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x100000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  354.416905]  ? do_syscall_64+0x1b9/0x820
[  354.420963]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  354.426346]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  354.431887]  ? iov_iter_init+0xc9/0x1f0
[  354.435868]  __vfs_write+0x6c6/0x9f0
[  354.439599]  ? kernel_read+0x120/0x120
[  354.443497]  ? lock_release+0xa30/0xa30
[  354.447477]  ? check_same_owner+0x340/0x340
[  354.451807]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  354.457344]  ? __sb_start_write+0x17f/0x300
[  354.461684]  vfs_write+0x1fc/0x560
[  354.465238]  ksys_write+0x101/0x260
[  354.468868]  ? __ia32_sys_read+0xb0/0xb0
[  354.472927]  ? filp_open+0x80/0x80
[  354.476466]  ? ksys_ioctl+0x81/0xd0
[  354.480102]  __x64_sys_write+0x73/0xb0
[  354.483993]  do_syscall_64+0x1b9/0x820
[  354.487885]  ? finish_task_switch+0x1d3/0x870
[  354.492383]  ? syscall_return_slowpath+0x5e0/0x5e0
[  354.497317]  ? syscall_return_slowpath+0x31d/0x5e0
[  354.502279]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  354.507300]  ? prepare_exit_to_usermode+0x291/0x3b0
[  354.512325]  ? perf_trace_sys_enter+0xb10/0xb10
[  354.516997]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  354.521850]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  354.527043] RIP: 0033:0x455e29
[  354.530222] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  354.549419] RSP: 002b:00007f713c970c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  354.557137] RAX: ffffffffffffffda RBX: 00007f713c9716d4 RCX: 0000000000455e29
10:16:53 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000180)="025cc8aa6824f9076807673c32ba53d6bb19f15aca944d2980332033af525936479591c504f7c9702217b00e187e858d5f2e279097085fa2aab9d3db7fde74c87bd5c2d1a051c23904c3a9be789b8eb04a72b5c56f3318000000000000000071f3e913d920b9b99fbd57c55020bfcdfe60f2a31e4dcbc847e63b91793b")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1262, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:53 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  354.564437] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015
[  354.571701] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  354.578962] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  354.586223] R13: 00000000004c2f67 R14: 00000000004d4d98 R15: 0000000000000000
10:16:53 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x5421, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  354.631114] FAULT_INJECTION: forcing a failure.
[  354.631114] name failslab, interval 1, probability 0, space 0, times 0
[  354.642408] CPU: 1 PID: 23167 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  354.650900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  354.660251] Call Trace:
[  354.662852]  dump_stack+0x1c9/0x2b4
[  354.666496]  ? dump_stack_print_info.cold.2+0x52/0x52
[  354.671698]  ? __kernel_text_address+0xd/0x40
[  354.676201]  ? unwind_get_return_address+0x61/0xa0
10:16:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x127e, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  354.681491]  should_fail.cold.4+0xa/0x11
[  354.685565]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  354.690680]  ? save_stack+0xa9/0xd0
[  354.694316]  ? kasan_kmalloc+0xc4/0xe0
[  354.698209]  ? kasan_slab_alloc+0x12/0x20
[  354.702367]  ? kmem_cache_alloc+0x12e/0x760
[  354.706696]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  354.711568]  ? kvm_mmu_load+0x21/0x10e0
[  354.715549]  ? vcpu_enter_guest+0x3aa6/0x6090
[  354.720055]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  354.725085]  ? do_vfs_ioctl+0x1de/0x1720
10:16:53 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1276, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  354.729155]  ? ksys_ioctl+0xa9/0xd0
[  354.732831]  ? __x64_sys_ioctl+0x73/0xb0
[  354.737158]  ? do_syscall_64+0x1b9/0x820
[  354.741230]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  354.746607]  ? lock_acquire+0x1e4/0x540
[  354.750585]  ? percpu_ref_put_many+0x119/0x240
[  354.755173]  ? lock_downgrade+0x8f0/0x8f0
[  354.759338]  ? lock_acquire+0x1e4/0x540
[  354.763321]  ? fs_reclaim_acquire+0x20/0x20
[  354.767652]  ? lock_downgrade+0x8f0/0x8f0
[  354.771809]  ? check_same_owner+0x340/0x340
[  354.776137]  ? rcu_note_context_switch+0x730/0x730
10:16:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x5451, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  354.781074]  ? kasan_unpoison_shadow+0x35/0x50
[  354.785668]  __should_failslab+0x124/0x180
[  354.789914]  should_failslab+0x9/0x14
[  354.793723]  kmem_cache_alloc+0x2af/0x760
[  354.797873]  ? kvm_clock_read+0x25/0x30
[  354.801851]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  354.807311]  ? ktime_get_with_offset+0x32e/0x4b0
[  354.812069]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  354.816917]  mmu_topup_memory_caches+0xf7/0x3a0
[  354.821688]  kvm_mmu_load+0x21/0x10e0
[  354.825509]  ? kasan_check_write+0x14/0x20
[  354.829754]  ? do_raw_spin_lock+0xc1/0x200
[  354.834044]  vcpu_enter_guest+0x3aa6/0x6090
[  354.838380]  ? kvm_set_msr_common+0x26a0/0x26a0
[  354.843054]  ? lock_acquire+0x1e4/0x540
[  354.847041]  ? vmx_vcpu_load+0xadf/0xff0
[  354.851112]  ? trace_hardirqs_on+0x10/0x10
[  354.855352]  ? vmx_vcpu_reset+0x1040/0x1040
[  354.859683]  ? find_get_entries_tag+0x1410/0x1410
[  354.864551]  ? lock_acquire+0x1e4/0x540
[  354.868530]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  354.873573]  ? lock_release+0xa30/0xa30
[  354.877539]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  354.882806]  ? kvm_arch_dev_ioctl+0x610/0x610
[  354.887305]  ? preempt_notifier_dec+0x20/0x20
[  354.891825]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  354.896703]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  354.901908]  kvm_vcpu_ioctl+0x7b8/0x1300
[  354.905969]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  354.911685]  ? lock_acquire+0x1e4/0x540
[  354.915649]  ? __fget+0x4ac/0x740
[  354.919191]  ? lock_downgrade+0x8f0/0x8f0
[  354.923325]  ? lock_release+0xa30/0xa30
[  354.927286]  ? pid_task+0x115/0x200
[  354.930897]  ? find_vpid+0xf0/0xf0
[  354.934424]  ? __f_unlock_pos+0x19/0x20
[  354.938387]  ? __fget+0x4d5/0x740
[  354.941840]  ? ksys_dup3+0x690/0x690
[  354.945568]  ? kasan_check_write+0x14/0x20
[  354.949810]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  354.954754]  ? fsnotify+0xbac/0x14e0
[  354.958486]  ? vfs_write+0x2f3/0x560
[  354.962297]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  354.967997]  do_vfs_ioctl+0x1de/0x1720
[  354.971904]  ? fsnotify_first_mark+0x350/0x350
[  354.976482]  ? __fsnotify_parent+0xcc/0x420
[  354.980796]  ? ioctl_preallocate+0x300/0x300
[  354.985198]  ? __fget_light+0x2f7/0x440
[  354.989171]  ? fget_raw+0x20/0x20
[  354.992623]  ? __sb_end_write+0xac/0xe0
[  354.996599]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  355.002124]  ? fput+0x130/0x1a0
[  355.005391]  ? ksys_write+0x1ae/0x260
[  355.009191]  ? security_file_ioctl+0x94/0xc0
[  355.013617]  ksys_ioctl+0xa9/0xd0
[  355.017078]  __x64_sys_ioctl+0x73/0xb0
[  355.020954]  do_syscall_64+0x1b9/0x820
[  355.024828]  ? syscall_slow_exit_work+0x500/0x500
[  355.029660]  ? syscall_return_slowpath+0x5e0/0x5e0
[  355.034606]  ? syscall_return_slowpath+0x31d/0x5e0
[  355.039531]  ? prepare_exit_to_usermode+0x291/0x3b0
[  355.044536]  ? perf_trace_sys_enter+0xb10/0xb10
[  355.049208]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  355.054051]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  355.059238] RIP: 0033:0x455e29
[  355.062415] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  355.081580] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  355.089983] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  355.097255] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  355.104524] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  355.111786] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  355.119049] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000007
10:16:56 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:56 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:56 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0xc020660b, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:56 executing program 4 (fault-call:11 fault-nth:8):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:56 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:56 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x3000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:56 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:56 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x80000000, 0x4)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl(r2, 0x5, &(0x7f0000000100)="503dd9da0068fc7419d51518b11bc00d88b9b2296e55ddecf3b4c74788b54f80e571bf41d639743ef70581d4e1c6dcc87b61a4")
tkill(r3, 0x1004000000016)
close(r1)

10:16:56 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x40101283, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:56 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  357.554646] FAULT_INJECTION: forcing a failure.
[  357.554646] name failslab, interval 1, probability 0, space 0, times 0
[  357.566046] CPU: 0 PID: 23224 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  357.574454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  357.583811] Call Trace:
[  357.586407]  dump_stack+0x1c9/0x2b4
[  357.590044]  ? dump_stack_print_info.cold.2+0x52/0x52
[  357.595242]  ? __kernel_text_address+0xd/0x40
[  357.599755]  ? unwind_get_return_address+0x61/0xa0
10:16:56 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:56 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0xc0045877, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  357.604707]  should_fail.cold.4+0xa/0x11
[  357.608780]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  357.613906]  ? save_stack+0xa9/0xd0
[  357.617560]  ? kasan_kmalloc+0xc4/0xe0
[  357.621555]  ? kasan_slab_alloc+0x12/0x20
[  357.625711]  ? kmem_cache_alloc+0x12e/0x760
[  357.630038]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  357.634891]  ? kvm_mmu_load+0x21/0x10e0
[  357.638879]  ? vcpu_enter_guest+0x3aa6/0x6090
[  357.643384]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  357.648403]  ? do_vfs_ioctl+0x1de/0x1720
10:16:56 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x401870c8, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:56 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  357.652468]  ? ksys_ioctl+0xa9/0xd0
[  357.656100]  ? __x64_sys_ioctl+0x73/0xb0
[  357.660166]  ? do_syscall_64+0x1b9/0x820
[  357.664233]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  357.669601]  ? lock_acquire+0x1e4/0x540
[  357.673581]  ? percpu_ref_put_many+0x119/0x240
[  357.678168]  ? lock_downgrade+0x8f0/0x8f0
[  357.682330]  ? lock_acquire+0x1e4/0x540
[  357.686317]  ? fs_reclaim_acquire+0x20/0x20
[  357.690649]  ? lock_downgrade+0x8f0/0x8f0
[  357.694808]  ? check_same_owner+0x340/0x340
[  357.699138]  ? rcu_note_context_switch+0x730/0x730
10:16:56 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0xc0189436, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:56 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x0, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  357.704090]  ? kasan_unpoison_shadow+0x35/0x50
[  357.709133]  __should_failslab+0x124/0x180
[  357.713379]  should_failslab+0x9/0x14
[  357.717205]  kmem_cache_alloc+0x2af/0x760
[  357.721354]  ? kvm_clock_read+0x25/0x30
[  357.725337]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  357.730359]  ? ktime_get_with_offset+0x32e/0x4b0
[  357.735131]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  357.739979]  mmu_topup_memory_caches+0xf7/0x3a0
[  357.744663]  kvm_mmu_load+0x21/0x10e0
[  357.748478]  ? kasan_check_write+0x14/0x20
[  357.752718]  ? do_raw_spin_lock+0xc1/0x200
[  357.756960]  vcpu_enter_guest+0x3aa6/0x6090
[  357.761304]  ? kvm_set_msr_common+0x26a0/0x26a0
[  357.765988]  ? lock_acquire+0x1e4/0x540
[  357.769965]  ? vmx_vcpu_load+0xadf/0xff0
[  357.774034]  ? trace_hardirqs_on+0x10/0x10
[  357.778280]  ? vmx_vcpu_reset+0x1040/0x1040
[  357.782607]  ? find_get_entries_tag+0x1410/0x1410
[  357.787469]  ? lock_acquire+0x1e4/0x540
[  357.791446]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  357.796467]  ? lock_release+0xa30/0xa30
[  357.800444]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  357.805720]  ? kvm_arch_dev_ioctl+0x610/0x610
[  357.810326]  ? preempt_notifier_dec+0x20/0x20
[  357.814823]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  357.819651]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  357.824662]  kvm_vcpu_ioctl+0x7b8/0x1300
[  357.828713]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  357.834439]  ? lock_acquire+0x1e4/0x540
[  357.838413]  ? __fget+0x4ac/0x740
[  357.841855]  ? lock_downgrade+0x8f0/0x8f0
[  357.845986]  ? lock_release+0xa30/0xa30
[  357.849946]  ? pid_task+0x115/0x200
[  357.853557]  ? find_vpid+0xf0/0xf0
[  357.857079]  ? __f_unlock_pos+0x19/0x20
[  357.861060]  ? __fget+0x4d5/0x740
[  357.864614]  ? ksys_dup3+0x690/0x690
[  357.868321]  ? kasan_check_write+0x14/0x20
[  357.872538]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  357.877460]  ? fsnotify+0xbac/0x14e0
[  357.881164]  ? vfs_write+0x2f3/0x560
[  357.884864]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  357.890573]  do_vfs_ioctl+0x1de/0x1720
[  357.894447]  ? fsnotify_first_mark+0x350/0x350
[  357.899015]  ? __fsnotify_parent+0xcc/0x420
[  357.903330]  ? ioctl_preallocate+0x300/0x300
[  357.907722]  ? __fget_light+0x2f7/0x440
[  357.911684]  ? fget_raw+0x20/0x20
[  357.915120]  ? __sb_end_write+0xac/0xe0
[  357.919081]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  357.924608]  ? fput+0x130/0x1a0
[  357.927883]  ? ksys_write+0x1ae/0x260
[  357.931691]  ? security_file_ioctl+0x94/0xc0
[  357.936081]  ksys_ioctl+0xa9/0xd0
[  357.939525]  __x64_sys_ioctl+0x73/0xb0
[  357.943423]  do_syscall_64+0x1b9/0x820
[  357.947301]  ? finish_task_switch+0x1d3/0x870
[  357.951792]  ? syscall_return_slowpath+0x5e0/0x5e0
[  357.956717]  ? syscall_return_slowpath+0x31d/0x5e0
[  357.961636]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  357.966638]  ? prepare_exit_to_usermode+0x291/0x3b0
[  357.971635]  ? perf_trace_sys_enter+0xb10/0xb10
[  357.976286]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  357.981124]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  357.986301] RIP: 0033:0x455e29
[  357.989475] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  358.008630] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  358.016332] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  358.023593] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  358.030864] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  358.038146] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  358.045401] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000008
10:16:59 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(0xffffffffffffffff, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:59 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x127b, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:59 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x0, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:59 executing program 4 (fault-call:11 fault-nth:9):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:16:59 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:59 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:59 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x4000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:16:59 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8916, &(0x7f0000000100)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r3=>0xffffffff}, 0x111, 0x100f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f0000000380)={0x5, 0x10, 0xfa00, {&(0x7f0000000140), r3, 0x2}}, 0x18)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r1)

10:16:59 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x401070cd, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:16:59 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x0, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:59 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x5460, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  360.603768] FAULT_INJECTION: forcing a failure.
[  360.603768] name failslab, interval 1, probability 0, space 0, times 0
[  360.615139] CPU: 0 PID: 23276 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  360.623611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  360.632963] Call Trace:
[  360.635564]  dump_stack+0x1c9/0x2b4
[  360.639201]  ? dump_stack_print_info.cold.2+0x52/0x52
[  360.644402]  ? __kernel_text_address+0xd/0x40
[  360.648908]  ? unwind_get_return_address+0x61/0xa0
10:16:59 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x4020940d, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  360.653846]  should_fail.cold.4+0xa/0x11
[  360.657919]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  360.663042]  ? save_stack+0xa9/0xd0
[  360.666676]  ? kasan_kmalloc+0xc4/0xe0
[  360.670565]  ? kasan_slab_alloc+0x12/0x20
[  360.674716]  ? kmem_cache_alloc+0x12e/0x760
[  360.679049]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  360.683901]  ? kvm_mmu_load+0x21/0x10e0
[  360.687881]  ? vcpu_enter_guest+0x3aa6/0x6090
[  360.692479]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  360.697501]  ? do_vfs_ioctl+0x1de/0x1720
10:16:59 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x127a, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  360.701572]  ? ksys_ioctl+0xa9/0xd0
[  360.705206]  ? __x64_sys_ioctl+0x73/0xb0
[  360.709274]  ? do_syscall_64+0x1b9/0x820
[  360.713343]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  360.718711]  ? lock_acquire+0x1e4/0x540
[  360.722688]  ? percpu_ref_put_many+0x119/0x240
[  360.727278]  ? lock_downgrade+0x8f0/0x8f0
[  360.731434]  ? lock_acquire+0x1e4/0x540
[  360.735414]  ? fs_reclaim_acquire+0x20/0x20
[  360.739759]  ? lock_downgrade+0x8f0/0x8f0
[  360.743918]  ? check_same_owner+0x340/0x340
[  360.748247]  ? rcu_note_context_switch+0x730/0x730
10:16:59 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x0)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:16:59 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x2, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  360.753189]  ? kasan_unpoison_shadow+0x35/0x50
[  360.757866]  __should_failslab+0x124/0x180
[  360.762108]  should_failslab+0x9/0x14
[  360.765923]  kmem_cache_alloc+0x2af/0x760
[  360.770078]  ? kvm_clock_read+0x25/0x30
[  360.774057]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  360.779090]  ? ktime_get_with_offset+0x32e/0x4b0
[  360.783852]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  360.788706]  mmu_topup_memory_caches+0xf7/0x3a0
[  360.793380]  kvm_mmu_load+0x21/0x10e0
[  360.797185]  ? kasan_check_write+0x14/0x20
10:16:59 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x0)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  360.801424]  ? do_raw_spin_lock+0xc1/0x200
[  360.805660]  vcpu_enter_guest+0x3aa6/0x6090
[  360.809989]  ? kvm_set_msr_common+0x26a0/0x26a0
[  360.814663]  ? lock_acquire+0x1e4/0x540
[  360.818639]  ? vmx_vcpu_load+0xadf/0xff0
[  360.822702]  ? trace_hardirqs_on+0x10/0x10
[  360.826941]  ? vmx_vcpu_reset+0x1040/0x1040
[  360.831268]  ? find_get_entries_tag+0x1410/0x1410
[  360.836128]  ? lock_acquire+0x1e4/0x540
[  360.840121]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  360.845145]  ? lock_release+0xa30/0xa30
[  360.849119]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  360.854426]  ? kvm_arch_dev_ioctl+0x610/0x610
[  360.858922]  ? preempt_notifier_dec+0x20/0x20
[  360.863423]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  360.868266]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  360.873279]  kvm_vcpu_ioctl+0x7b8/0x1300
[  360.877327]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  360.883038]  ? lock_acquire+0x1e4/0x540
[  360.886996]  ? __fget+0x4ac/0x740
[  360.890460]  ? lock_downgrade+0x8f0/0x8f0
[  360.894625]  ? lock_release+0xa30/0xa30
[  360.898587]  ? pid_task+0x115/0x200
[  360.902206]  ? find_vpid+0xf0/0xf0
[  360.905747]  ? __f_unlock_pos+0x19/0x20
[  360.909701]  ? __fget+0x4d5/0x740
[  360.913139]  ? ksys_dup3+0x690/0x690
[  360.916842]  ? kasan_check_write+0x14/0x20
[  360.921064]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  360.925975]  ? fsnotify+0xbac/0x14e0
[  360.929727]  ? vfs_write+0x2f3/0x560
[  360.933435]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  360.939150]  do_vfs_ioctl+0x1de/0x1720
[  360.943033]  ? fsnotify_first_mark+0x350/0x350
[  360.947598]  ? __fsnotify_parent+0xcc/0x420
[  360.951903]  ? ioctl_preallocate+0x300/0x300
[  360.956294]  ? __fget_light+0x2f7/0x440
[  360.960249]  ? fget_raw+0x20/0x20
[  360.963685]  ? __sb_end_write+0xac/0xe0
[  360.967655]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  360.973176]  ? fput+0x130/0x1a0
[  360.976435]  ? ksys_write+0x1ae/0x260
[  360.980226]  ? security_file_ioctl+0x94/0xc0
[  360.984621]  ksys_ioctl+0xa9/0xd0
[  360.988065]  __x64_sys_ioctl+0x73/0xb0
[  360.991942]  do_syscall_64+0x1b9/0x820
[  360.995820]  ? finish_task_switch+0x1d3/0x870
[  361.000310]  ? syscall_return_slowpath+0x5e0/0x5e0
[  361.005232]  ? syscall_return_slowpath+0x31d/0x5e0
[  361.010146]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  361.015145]  ? prepare_exit_to_usermode+0x291/0x3b0
[  361.020150]  ? perf_trace_sys_enter+0xb10/0xb10
[  361.024808]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  361.029636]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  361.034804] RIP: 0033:0x455e29
[  361.037975] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  361.057170] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  361.064875] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  361.072129] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  361.079383] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  361.086634] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  361.093928] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000009
10:17:00 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:00 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1265, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:00 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x0)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:00 executing program 4 (fault-call:11 fault-nth:10):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:00 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:00 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:00 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xffffffff000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  361.507562] FAULT_INJECTION: forcing a failure.
[  361.507562] name failslab, interval 1, probability 0, space 0, times 0
[  361.518902] CPU: 1 PID: 23326 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  361.527311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  361.536677] Call Trace:
[  361.539277]  dump_stack+0x1c9/0x2b4
[  361.542908]  ? dump_stack_print_info.cold.2+0x52/0x52
[  361.548087]  ? __kernel_text_address+0xd/0x40
[  361.552570]  ? unwind_get_return_address+0x61/0xa0
[  361.557486]  should_fail.cold.4+0xa/0x11
[  361.561532]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  361.566622]  ? save_stack+0xa9/0xd0
[  361.570231]  ? kasan_kmalloc+0xc4/0xe0
[  361.574101]  ? kasan_slab_alloc+0x12/0x20
[  361.578240]  ? kmem_cache_alloc+0x12e/0x760
[  361.582562]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  361.587397]  ? kvm_mmu_load+0x21/0x10e0
[  361.591366]  ? vcpu_enter_guest+0x3aa6/0x6090
[  361.595844]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  361.600847]  ? do_vfs_ioctl+0x1de/0x1720
[  361.604895]  ? ksys_ioctl+0xa9/0xd0
[  361.608511]  ? __x64_sys_ioctl+0x73/0xb0
[  361.612644]  ? do_syscall_64+0x1b9/0x820
[  361.616693]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  361.622052]  ? lock_acquire+0x1e4/0x540
[  361.626018]  ? percpu_ref_put_many+0x119/0x240
[  361.630596]  ? lock_downgrade+0x8f0/0x8f0
[  361.634738]  ? lock_acquire+0x1e4/0x540
[  361.638700]  ? fs_reclaim_acquire+0x20/0x20
[  361.643019]  ? lock_downgrade+0x8f0/0x8f0
[  361.647168]  ? check_same_owner+0x340/0x340
[  361.651491]  ? rcu_note_context_switch+0x730/0x730
[  361.656416]  ? kasan_unpoison_shadow+0x35/0x50
[  361.660997]  __should_failslab+0x124/0x180
[  361.665242]  should_failslab+0x9/0x14
[  361.669040]  kmem_cache_alloc+0x2af/0x760
[  361.673175]  ? kasan_check_write+0x14/0x20
[  361.677409]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  361.682258]  mmu_topup_memory_caches+0xf7/0x3a0
[  361.686941]  kvm_mmu_load+0x21/0x10e0
[  361.690736]  ? rcu_note_context_switch+0x730/0x730
[  361.695662]  ? filemap_map_pages+0xca2/0x1990
[  361.700156]  vcpu_enter_guest+0x3aa6/0x6090
[  361.704474]  ? kasan_check_write+0x14/0x20
[  361.708703]  ? __mutex_lock+0x6c4/0x1680
[  361.712753]  ? kvm_set_msr_common+0x26a0/0x26a0
[  361.717447]  ? lock_acquire+0x1e4/0x540
[  361.721421]  ? vmx_vcpu_load+0xadf/0xff0
[  361.725483]  ? trace_hardirqs_on+0x10/0x10
[  361.729713]  ? vmx_vcpu_reset+0x1040/0x1040
[  361.734035]  ? find_get_entries_tag+0x1410/0x1410
[  361.738877]  ? lock_acquire+0x1e4/0x540
[  361.742835]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  361.747847]  ? lock_release+0xa30/0xa30
[  361.751809]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  361.757072]  ? kvm_arch_dev_ioctl+0x610/0x610
[  361.761553]  ? preempt_notifier_dec+0x20/0x20
[  361.766040]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  361.770870]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  361.775899]  kvm_vcpu_ioctl+0x7b8/0x1300
[  361.779974]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  361.785714]  ? lock_acquire+0x1e4/0x540
[  361.789672]  ? __fget+0x4ac/0x740
[  361.793116]  ? lock_downgrade+0x8f0/0x8f0
[  361.797255]  ? lock_release+0xa30/0xa30
[  361.801212]  ? pid_task+0x115/0x200
[  361.804821]  ? find_vpid+0xf0/0xf0
[  361.808344]  ? __f_unlock_pos+0x19/0x20
[  361.812317]  ? __fget+0x4d5/0x740
[  361.815752]  ? ksys_dup3+0x690/0x690
[  361.819455]  ? kasan_check_write+0x14/0x20
[  361.823700]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  361.828615]  ? fsnotify+0xbac/0x14e0
[  361.832309]  ? vfs_write+0x2f3/0x560
[  361.836019]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  361.841720]  do_vfs_ioctl+0x1de/0x1720
[  361.845592]  ? fsnotify_first_mark+0x350/0x350
[  361.850160]  ? __fsnotify_parent+0xcc/0x420
[  361.854474]  ? ioctl_preallocate+0x300/0x300
[  361.858883]  ? __fget_light+0x2f7/0x440
[  361.862848]  ? fget_raw+0x20/0x20
[  361.866285]  ? __sb_end_write+0xac/0xe0
[  361.870256]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  361.875779]  ? fput+0x130/0x1a0
[  361.879043]  ? ksys_write+0x1ae/0x260
[  361.882826]  ? security_file_ioctl+0x94/0xc0
[  361.887222]  ksys_ioctl+0xa9/0xd0
[  361.890661]  __x64_sys_ioctl+0x73/0xb0
[  361.894533]  do_syscall_64+0x1b9/0x820
[  361.898424]  ? finish_task_switch+0x1d3/0x870
[  361.902936]  ? syscall_return_slowpath+0x5e0/0x5e0
[  361.907861]  ? syscall_return_slowpath+0x31d/0x5e0
[  361.912791]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  361.917813]  ? prepare_exit_to_usermode+0x291/0x3b0
[  361.922826]  ? perf_trace_sys_enter+0xb10/0xb10
[  361.927480]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  361.932313]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  361.937495] RIP: 0033:0x455e29
10:17:00 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000100)={{{@in6=@mcast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@loopback}, 0x0, @in=@rand_addr}}, &(0x7f0000000200)=0xe8)
getgroups(0x7, &(0x7f0000000240)=[<r4=>0xee01, 0x0, 0xee01, 0x0, 0x0, 0xee01, 0xffffffffffffffff])
write$P9_RGETATTR(r2, &(0x7f0000000280)={0xa0, 0x19, 0xab, {0x2b05, {0x40, 0x1, 0x2}, 0x2, r3, r4, 0x3c8, 0x1000, 0x8, 0x4, 0x9e3, 0x7, 0x32b9634f, 0x3, 0x7, 0x7, 0x2f, 0x2, 0x20, 0x7fff, 0x7f}}, 0xa0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
unlink(&(0x7f0000000040)='./control/file0\x00')
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r5, 0x1004000000016)
close(r1)

10:17:00 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1278, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:00 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:00 executing program 4 (fault-call:11 fault-nth:11):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  361.940682] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  361.959863] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  361.967570] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  361.974832] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  361.982089] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  361.989348] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  361.996602] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000000a
10:17:01 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x125d, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:01 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  362.080396] FAULT_INJECTION: forcing a failure.
[  362.080396] name failslab, interval 1, probability 0, space 0, times 0
[  362.091799] CPU: 1 PID: 23354 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  362.100225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  362.109596] Call Trace:
[  362.112194]  dump_stack+0x1c9/0x2b4
[  362.115833]  ? dump_stack_print_info.cold.2+0x52/0x52
[  362.121033]  ? __kernel_text_address+0xd/0x40
[  362.125551]  ? unwind_get_return_address+0x61/0xa0
10:17:01 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x5450, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:01 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  362.130497]  should_fail.cold.4+0xa/0x11
[  362.134570]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  362.139684]  ? save_stack+0xa9/0xd0
[  362.143348]  ? kasan_kmalloc+0xc4/0xe0
[  362.147243]  ? kasan_slab_alloc+0x12/0x20
[  362.151417]  ? kmem_cache_alloc+0x12e/0x760
[  362.155758]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  362.160614]  ? kvm_mmu_load+0x21/0x10e0
[  362.164596]  ? vcpu_enter_guest+0x3aa6/0x6090
[  362.169097]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  362.174116]  ? do_vfs_ioctl+0x1de/0x1720
10:17:01 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x80081270, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  362.178181]  ? ksys_ioctl+0xa9/0xd0
[  362.181812]  ? __x64_sys_ioctl+0x73/0xb0
[  362.185883]  ? do_syscall_64+0x1b9/0x820
[  362.190046]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  362.195433]  ? lock_acquire+0x1e4/0x540
[  362.199420]  ? percpu_ref_put_many+0x119/0x240
[  362.204021]  ? lock_downgrade+0x8f0/0x8f0
[  362.208204]  ? lock_acquire+0x1e4/0x540
[  362.212184]  ? fs_reclaim_acquire+0x20/0x20
[  362.216509]  ? lock_downgrade+0x8f0/0x8f0
[  362.220665]  ? check_same_owner+0x340/0x340
[  362.224992]  ? rcu_note_context_switch+0x730/0x730
[  362.229933]  ? kasan_unpoison_shadow+0x35/0x50
[  362.234526]  __should_failslab+0x124/0x180
[  362.238771]  should_failslab+0x9/0x14
[  362.242583]  kmem_cache_alloc+0x2af/0x760
[  362.246742]  ? kasan_check_write+0x14/0x20
[  362.250990]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  362.255846]  mmu_topup_memory_caches+0xf7/0x3a0
[  362.260513]  kvm_mmu_load+0x21/0x10e0
[  362.264297]  ? rcu_note_context_switch+0x730/0x730
[  362.269213]  ? filemap_map_pages+0xca2/0x1990
[  362.273697]  vcpu_enter_guest+0x3aa6/0x6090
[  362.278013]  ? kasan_check_write+0x14/0x20
[  362.282251]  ? __mutex_lock+0x6c4/0x1680
[  362.286324]  ? kvm_set_msr_common+0x26a0/0x26a0
[  362.290990]  ? lock_acquire+0x1e4/0x540
[  362.294971]  ? vmx_vcpu_load+0xadf/0xff0
[  362.299037]  ? trace_hardirqs_on+0x10/0x10
[  362.303446]  ? vmx_vcpu_reset+0x1040/0x1040
[  362.307768]  ? find_get_entries_tag+0x1410/0x1410
[  362.312623]  ? lock_acquire+0x1e4/0x540
[  362.316600]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  362.321971]  ? lock_release+0xa30/0xa30
[  362.325951]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
10:17:01 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:01 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x0, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:01 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1267, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:01 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:01 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  362.331234]  ? kvm_arch_dev_ioctl+0x610/0x610
[  362.335734]  ? preempt_notifier_dec+0x20/0x20
[  362.340240]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  362.345087]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  362.350383]  kvm_vcpu_ioctl+0x7b8/0x1300
[  362.354456]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  362.360169]  ? lock_acquire+0x1e4/0x540
[  362.364157]  ? __fget+0x4ac/0x740
[  362.367612]  ? lock_downgrade+0x8f0/0x8f0
[  362.371770]  ? lock_release+0xa30/0xa30
[  362.375750]  ? pid_task+0x115/0x200
10:17:01 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  362.379384]  ? find_vpid+0xf0/0xf0
[  362.383101]  ? __f_unlock_pos+0x19/0x20
[  362.387265]  ? __fget+0x4d5/0x740
[  362.390722]  ? ksys_dup3+0x690/0x690
[  362.394531]  ? kasan_check_write+0x14/0x20
[  362.398776]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  362.403708]  ? fsnotify+0xbac/0x14e0
[  362.407426]  ? vfs_write+0x2f3/0x560
[  362.411158]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  362.416883]  do_vfs_ioctl+0x1de/0x1720
[  362.420772]  ? fsnotify_first_mark+0x350/0x350
[  362.425352]  ? __fsnotify_parent+0xcc/0x420
10:17:01 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x0, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  362.429691]  ? ioctl_preallocate+0x300/0x300
[  362.434099]  ? __fget_light+0x2f7/0x440
[  362.438073]  ? fget_raw+0x20/0x20
[  362.441529]  ? __sb_end_write+0xac/0xe0
[  362.445506]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  362.451045]  ? fput+0x130/0x1a0
[  362.454324]  ? ksys_write+0x1ae/0x260
[  362.458130]  ? security_file_ioctl+0x94/0xc0
[  362.462547]  ksys_ioctl+0xa9/0xd0
[  362.466016]  __x64_sys_ioctl+0x73/0xb0
[  362.469909]  do_syscall_64+0x1b9/0x820
[  362.473802]  ? syscall_slow_exit_work+0x500/0x500
[  362.478754]  ? syscall_return_slowpath+0x5e0/0x5e0
[  362.483689]  ? syscall_return_slowpath+0x31d/0x5e0
[  362.488640]  ? prepare_exit_to_usermode+0x291/0x3b0
[  362.493661]  ? perf_trace_sys_enter+0xb10/0xb10
[  362.498332]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  362.503188]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  362.508390] RIP: 0033:0x455e29
[  362.511571] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  362.530866] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  362.538591] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  362.545868] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  362.553344] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  362.560803] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  362.568077] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000000b
10:17:01 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x0, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:01 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x401870cc, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:01 executing program 4 (fault-call:11 fault-nth:12):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:01 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
r1 = fcntl$getown(r0, 0x9)
capget(&(0x7f0000000180)={0x19980330, r1}, &(0x7f00000001c0)={0xd73, 0x3, 0xfffffffffffffff9, 0x6, 0x0, 0x9})
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x0, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000140)={0x4, 0x1000})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r4, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r5, 0x1004000000016)
accept4$packet(r3, &(0x7f0000000340)={0x0, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000380)=0x14, 0x80000)
connect$can_bcm(r4, &(0x7f00000003c0)={0x1d, r6}, 0x10)
close(r2)
connect$l2tp(r4, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x2, 0x4, 0x3, 0x2, {0xa, 0x4e24, 0x800, @empty, 0xfffffffffffffffc}}}, 0x32)

10:17:01 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1274, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:01 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x301, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:02 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x127f, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  363.033918] FAULT_INJECTION: forcing a failure.
[  363.033918] name failslab, interval 1, probability 0, space 0, times 0
[  363.045487] CPU: 1 PID: 23419 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  363.054278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  363.063765] Call Trace:
[  363.066379]  dump_stack+0x1c9/0x2b4
[  363.070038]  ? dump_stack_print_info.cold.2+0x52/0x52
[  363.075242]  ? __kernel_text_address+0xd/0x40
10:17:02 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x125e, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:02 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1279, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  363.080443]  ? unwind_get_return_address+0x61/0xa0
[  363.085392]  should_fail.cold.4+0xa/0x11
[  363.090504]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  363.095625]  ? save_stack+0xa9/0xd0
[  363.099267]  ? kasan_kmalloc+0xc4/0xe0
[  363.103166]  ? kasan_slab_alloc+0x12/0x20
[  363.107335]  ? kmem_cache_alloc+0x12e/0x760
[  363.111676]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  363.116530]  ? kvm_mmu_load+0x21/0x10e0
[  363.120524]  ? vcpu_enter_guest+0x3aa6/0x6090
[  363.125036]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  363.130068]  ? do_vfs_ioctl+0x1de/0x1720
[  363.134146]  ? ksys_ioctl+0xa9/0xd0
[  363.137786]  ? __x64_sys_ioctl+0x73/0xb0
[  363.141859]  ? do_syscall_64+0x1b9/0x820
[  363.145930]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  363.151413]  ? lock_acquire+0x1e4/0x540
[  363.155396]  ? percpu_ref_put_many+0x119/0x240
[  363.159992]  ? lock_downgrade+0x8f0/0x8f0
[  363.164143]  ? lock_acquire+0x1e4/0x540
[  363.168117]  ? fs_reclaim_acquire+0x20/0x20
[  363.172423]  ? lock_downgrade+0x8f0/0x8f0
[  363.176582]  ? check_same_owner+0x340/0x340
[  363.180922]  ? rcu_note_context_switch+0x730/0x730
[  363.185849]  ? kasan_unpoison_shadow+0x35/0x50
[  363.190430]  __should_failslab+0x124/0x180
[  363.194862]  should_failslab+0x9/0x14
[  363.198672]  kmem_cache_alloc+0x2af/0x760
[  363.202831]  ? kasan_check_write+0x14/0x20
[  363.207068]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  363.211907]  mmu_topup_memory_caches+0xf7/0x3a0
[  363.216568]  kvm_mmu_load+0x21/0x10e0
[  363.220455]  ? rcu_note_context_switch+0x730/0x730
[  363.225407]  ? filemap_map_pages+0xca2/0x1990
[  363.229913]  vcpu_enter_guest+0x3aa6/0x6090
[  363.234256]  ? kasan_check_write+0x14/0x20
[  363.238500]  ? __mutex_lock+0x6c4/0x1680
[  363.242562]  ? kvm_set_msr_common+0x26a0/0x26a0
[  363.247228]  ? lock_acquire+0x1e4/0x540
[  363.251377]  ? vmx_vcpu_load+0xadf/0xff0
[  363.255431]  ? trace_hardirqs_on+0x10/0x10
[  363.259659]  ? vmx_vcpu_reset+0x1040/0x1040
[  363.263990]  ? find_get_entries_tag+0x1410/0x1410
[  363.268856]  ? lock_acquire+0x1e4/0x540
[  363.272839]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  363.277872]  ? lock_release+0xa30/0xa30
10:17:02 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:02 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1261, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:02 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x0, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:02 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

[  363.281853]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  363.287140]  ? kvm_arch_dev_ioctl+0x610/0x610
[  363.291661]  ? preempt_notifier_dec+0x20/0x20
[  363.296169]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  363.301018]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  363.306044]  kvm_vcpu_ioctl+0x7b8/0x1300
[  363.310109]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  363.315831]  ? lock_acquire+0x1e4/0x540
[  363.319805]  ? __fget+0x4ac/0x740
[  363.323267]  ? lock_downgrade+0x8f0/0x8f0
[  363.327424]  ? lock_release+0xa30/0xa30
[  363.331399]  ? pid_task+0x115/0x200
[  363.335041]  ? find_vpid+0xf0/0xf0
[  363.338586]  ? __f_unlock_pos+0x19/0x20
[  363.342565]  ? __fget+0x4d5/0x740
[  363.346024]  ? ksys_dup3+0x690/0x690
[  363.349744]  ? kasan_check_write+0x14/0x20
[  363.353981]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  363.358899]  ? fsnotify+0xbac/0x14e0
[  363.362595]  ? vfs_write+0x2f3/0x560
[  363.366298]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  363.371990]  do_vfs_ioctl+0x1de/0x1720
[  363.375870]  ? fsnotify_first_mark+0x350/0x350
[  363.380457]  ? __fsnotify_parent+0xcc/0x420
10:17:02 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  363.384779]  ? ioctl_preallocate+0x300/0x300
[  363.389184]  ? __fget_light+0x2f7/0x440
[  363.393175]  ? fget_raw+0x20/0x20
[  363.396628]  ? __sb_end_write+0xac/0xe0
[  363.400604]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  363.406262]  ? fput+0x130/0x1a0
[  363.409566]  ? ksys_write+0x1ae/0x260
[  363.413379]  ? security_file_ioctl+0x94/0xc0
[  363.417804]  ksys_ioctl+0xa9/0xd0
[  363.421269]  __x64_sys_ioctl+0x73/0xb0
[  363.425178]  do_syscall_64+0x1b9/0x820
[  363.429082]  ? syscall_return_slowpath+0x5e0/0x5e0
[  363.434037]  ? syscall_return_slowpath+0x31d/0x5e0
[  363.438984]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  363.444017]  ? prepare_exit_to_usermode+0x291/0x3b0
[  363.449043]  ? perf_trace_sys_enter+0xb10/0xb10
[  363.453719]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  363.458571]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  363.463757] RIP: 0033:0x455e29
[  363.466939] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
10:17:02 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x3, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:02 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x0, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:02 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x0, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  363.486202] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  363.493947] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  363.501247] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  363.508544] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  363.515830] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  363.523114] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000000c
10:17:02 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x127d, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:02 executing program 4 (fault-call:11 fault-nth:13):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  363.632513] FAULT_INJECTION: forcing a failure.
[  363.632513] name failslab, interval 1, probability 0, space 0, times 0
[  363.643810] CPU: 1 PID: 23477 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  363.652219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  363.661574] Call Trace:
[  363.664170]  dump_stack+0x1c9/0x2b4
[  363.667814]  ? dump_stack_print_info.cold.2+0x52/0x52
[  363.673033]  ? __kernel_text_address+0xd/0x40
[  363.677528]  ? unwind_get_return_address+0x61/0xa0
[  363.682458]  should_fail.cold.4+0xa/0x11
[  363.686516]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  363.691608]  ? save_stack+0xa9/0xd0
[  363.695238]  ? kasan_kmalloc+0xc4/0xe0
[  363.699115]  ? kasan_slab_alloc+0x12/0x20
[  363.703277]  ? kmem_cache_alloc+0x12e/0x760
[  363.707697]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  363.712543]  ? kvm_mmu_load+0x21/0x10e0
[  363.716510]  ? vcpu_enter_guest+0x3aa6/0x6090
[  363.720994]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  363.726447]  ? do_vfs_ioctl+0x1de/0x1720
[  363.730499]  ? ksys_ioctl+0xa9/0xd0
[  363.734112]  ? __x64_sys_ioctl+0x73/0xb0
[  363.738170]  ? do_syscall_64+0x1b9/0x820
[  363.742227]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  363.747580]  ? lock_acquire+0x1e4/0x540
[  363.751541]  ? percpu_ref_put_many+0x119/0x240
[  363.756115]  ? lock_downgrade+0x8f0/0x8f0
[  363.760252]  ? lock_acquire+0x1e4/0x540
[  363.764275]  ? fs_reclaim_acquire+0x20/0x20
[  363.768588]  ? lock_downgrade+0x8f0/0x8f0
[  363.772725]  ? check_same_owner+0x340/0x340
[  363.777039]  ? rcu_note_context_switch+0x730/0x730
[  363.781974]  ? kasan_unpoison_shadow+0x35/0x50
[  363.786557]  __should_failslab+0x124/0x180
[  363.790785]  should_failslab+0x9/0x14
[  363.794568]  kmem_cache_alloc+0x2af/0x760
[  363.798703]  ? kasan_check_write+0x14/0x20
[  363.802928]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  363.807755]  mmu_topup_memory_caches+0xf7/0x3a0
[  363.812450]  kvm_mmu_load+0x21/0x10e0
[  363.816242]  ? rcu_note_context_switch+0x730/0x730
[  363.821168]  ? filemap_map_pages+0xca2/0x1990
[  363.825659]  vcpu_enter_guest+0x3aa6/0x6090
[  363.829972]  ? kasan_check_write+0x14/0x20
[  363.834206]  ? __mutex_lock+0x6c4/0x1680
[  363.838260]  ? kvm_set_msr_common+0x26a0/0x26a0
[  363.842910]  ? lock_acquire+0x1e4/0x540
[  363.846864]  ? vmx_vcpu_load+0xadf/0xff0
[  363.850917]  ? trace_hardirqs_on+0x10/0x10
[  363.855149]  ? vmx_vcpu_reset+0x1040/0x1040
[  363.859472]  ? find_get_entries_tag+0x1410/0x1410
[  363.864316]  ? lock_acquire+0x1e4/0x540
[  363.868274]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  363.873284]  ? lock_release+0xa30/0xa30
[  363.877251]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  363.882512]  ? kvm_arch_dev_ioctl+0x610/0x610
[  363.886987]  ? preempt_notifier_dec+0x20/0x20
[  363.891468]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  363.896301]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  363.901305]  kvm_vcpu_ioctl+0x7b8/0x1300
[  363.905356]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  363.911057]  ? lock_acquire+0x1e4/0x540
[  363.915020]  ? __fget+0x4ac/0x740
[  363.918555]  ? lock_downgrade+0x8f0/0x8f0
[  363.922695]  ? lock_release+0xa30/0xa30
[  363.926655]  ? pid_task+0x115/0x200
[  363.930281]  ? find_vpid+0xf0/0xf0
[  363.933815]  ? __f_unlock_pos+0x19/0x20
[  363.937786]  ? __fget+0x4d5/0x740
[  363.941233]  ? ksys_dup3+0x690/0x690
[  363.944937]  ? kasan_check_write+0x14/0x20
[  363.949161]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  363.954081]  ? fsnotify+0xbac/0x14e0
[  363.957775]  ? vfs_write+0x2f3/0x560
[  363.961475]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  363.967171]  do_vfs_ioctl+0x1de/0x1720
[  363.971052]  ? fsnotify_first_mark+0x350/0x350
[  363.975628]  ? __fsnotify_parent+0xcc/0x420
[  363.980460]  ? ioctl_preallocate+0x300/0x300
[  363.984862]  ? __fget_light+0x2f7/0x440
[  363.988833]  ? fget_raw+0x20/0x20
[  363.992287]  ? __sb_end_write+0xac/0xe0
[  363.996271]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  364.001798]  ? fput+0x130/0x1a0
[  364.005077]  ? ksys_write+0x1ae/0x260
[  364.008880]  ? security_file_ioctl+0x94/0xc0
[  364.013284]  ksys_ioctl+0xa9/0xd0
[  364.016741]  __x64_sys_ioctl+0x73/0xb0
[  364.021934]  do_syscall_64+0x1b9/0x820
[  364.025820]  ? finish_task_switch+0x1d3/0x870
[  364.030308]  ? syscall_return_slowpath+0x5e0/0x5e0
[  364.035242]  ? syscall_return_slowpath+0x31d/0x5e0
[  364.040165]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  364.045184]  ? prepare_exit_to_usermode+0x291/0x3b0
[  364.050214]  ? perf_trace_sys_enter+0xb10/0xb10
[  364.054892]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  364.059722]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  364.065327] RIP: 0033:0x455e29
10:17:03 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0xfffffffffffffffd, 0x0, 0x8, @tick, {0x2}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0xfffffffffffffffc, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000040))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
getpeername$packet(r2, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000001900)=0x14)
tkill(r3, 0x1004000000016)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f00000015c0), &(0x7f0000001600)=0xc)
close(r1)
syz_mount_image$reiserfs(&(0x7f0000001640)='reiserfs\x00', &(0x7f0000001680)='./control\x00', 0x8bd6, 0x2, &(0x7f0000001800)=[{&(0x7f00000016c0)="3f1f196ad68dfd3b31e3d6c1e04dd662bc", 0x11, 0x511}, {&(0x7f0000001700)="5eaf254d516d6f1438b008e89ca4b63201bb0c02050e9b43007015d5d94b0db52bd39f7ed0d46981bcacfa5a284c348d752ecc101a2ad2ccf28afb484e0dfd66d30f84ca13721bd566cd1b7a36b22ff574dcfcfef7a78ea0fdcc4e373300b6f4469c8cbee6495d799738e6e845599b4fad7aefd155e172d53ecf86f30f3c00cf163c09551d17e02bc33547d05ebceb158bba2684a8882dfc01300afbd24d1f54772c36166ab2dcb47ddd40b68077f14c3279c65bf74bb75d0858e1017a9a3067b086205428c4e19ffeef8e2d21240fd32fe431deb8d79fd37f6e527a84b3254474e71c", 0xe3, 0x3}], 0x400, &(0x7f0000001840)=ANY=[@ANYBLOB='acl,nouser_xattr,hash=r5,nolargeio,jqfmt=vfsvp,hash=tea,block-allocator=notest4,\x00'])
sendmsg$nfc_llcp(r2, &(0x7f0000001580)={&(0x7f0000000140)={0x27, 0x1, 0x2, 0x7, 0x7f, 0x1, "59c7275d4be9c959d388eb66b17a120291f1c05d392dc0e0052a60b80e374ec54b57111b5826b398653b9d497b8174295220e809ccbf65221e3f51b830752c", 0x29}, 0x60, &(0x7f00000014c0)=[{&(0x7f00000001c0)="7734723549311a4b6c613b06722dfb6262c0c11cd666130e524a9eb843db00ddfdf338927ccf2a62fa99bbe112cb7cdb5f889b0e55a4126b1abfa3b7182252982648013fa80c0a3281a299442937be860cf71281a54927c39c0c9afa9f8d00112c86904408a9d947ab69926924c8cfee5c1da9d172cf5d2354967f348b1ca86a24a791cf01f35ebed3", 0x89}, {&(0x7f0000000280)="c4d9e372d775611eda7e8310456f3fdbffa153d3574fa303a6bf497c344add0d2d31b4d77a843974f1be014bbd21924a160ae21cbaa7799c8196d09bedba67f6eb76e1c3e26c52cd6e2bb256917fb986a4227739ee95b47c1556c856a0c84c26189e7d1496b44dd4d5f010f627ba64717c96981f69fb9e057ee30092c4a7cea754ea7fb57ef81b0c018843ebf5b0b85b3e43212c0f1f1ab5d30402d33386565acaf8cbec9e02192926ad1f9bf1737d745bdab38caeb40c96a913cfd122405cd61a16764925e7587b1e738c3497f019ba16ec87", 0xd3}, {&(0x7f0000000380)="ae19d40a2c50cedac426851b408037bc260478", 0x13}, {&(0x7f00000003c0)="0f462faf132ad64759359d522012110728dbb5a20588c24966d6c146fadc986325ed215af530af5c5f7425faaaff8c071570233d98c63a18617a08e5a0dd15ee474b9d20667db3a2701270ee382e3ee996a38ec10db4a28fad09affd9bf554737fd23ca5b5baa89ccf3fd55de2814ba709724bc4f05c45806f6af23ba5af417d2e2c601a1a020e614897cda007ffc82bd4c698126d91f4ed7a53d666e258a7aa3dc7b921f3b871aebd08a0e4a9951f041935ac53e9e61c1f494c8dc82e5204994f59e44ede7d0d635d0689e87d9a9e4f003f83fa3f3dda7ef8f2dd66e581c2c942733eb68bf4b255eeffc059598ec4508dd8a0f92b1f2c44e8ea54", 0xfb}, {&(0x7f00000004c0)="35ab713f5e212463dfc8f7405d35b05e97f4b2267140c96af53da1c3359425ed2e67b51a93f67545bda0e49cfefc0a473a85a56e576ec4f43a59e61ae5811d0c2ba4d52ed80c2fd89365c71872a78e75e5e5bec88ef706b2cfa27c715f6f8e9709a00e47b9f82540413fbe37182e568f6bf647d13ea514787a948c0ea6b5377cbd00ceb84ee28b9feffe9854c7b9963f4c6e8bfa62763e284833c339c31c0615f8bdca7791e72b5d839cd60a34fa500364ef77462b822118de2f5271a075f3b217c0d25aabb465da8e09935837e2414443a8ccf0f0223074f71b8b77f4bad7bc528baf4628fae76cbcd3729d62ee7c6b6464c35b071a0d5de0df320a6cf7db665a16083b838859556a634e70f80a6f8a443aad4473e5777e2dd893e3de604eda8445144d17e5be3dc6cff02e71e9a1bc974237873dd4524b5fd3172ec1e5558566ad12d90648877e0a26e1d82e949bf11658f4a4099c33b5f4d3e6fed598ab0659e1f405f83d0b318917fcb20fb18fa1a911c9e9fd5bfead028ba595f95e293328cf1c34f3999b4528d6f30034a15f3608c5153fdc8c7b51d90760125cad5a74543ab5d69783dcbbdceaa4d5aab2553553e2546d0653f4dfff1249e0b932964657d76f4983d037dcc07afe9247fe5775fdbfca44a56fa5c21f0e78fd4b7387f086c1d6f8510b3c33835964234595c1d6857e5f75df3a687960aa4ec574c9d0d5120ea18b15290ec6ce8e9c3bab51a171855f303ee7d6723f7189ac9bfdc038c18edd8a0628c1c3f58c91369a6cc6dde979d44553d01225fb1844c8e20cd7ce227e6084aac6f35f46feb5c216ee1b3fe34ab63aea7aff73a7ab4e0fcb2d0304d09c879853c52e00127eeb14443385f743fb0c076645c1a8006e2bda3146359fbe085e2b5de072a1bb4ee727a49103a563b8cd3d74a3b88dd59f0ef0d98252ae8bdadef4ee4c0b640eb7a120d2b9eb233f5a130344cd9e36ac5d585c034539495fd661290e662c93351ebe4a610e10c2013d9fa9aeef9749b1704c89a5477e7a1575cc781827310f95c1b76340b7e1b2d35f11bb396f8f338466469228404caaba944ff5f15c0a97eb1537b483c0c4cc34c48955cc0d3641ecf521003db09e04b83157b9dbf34db0004804e2e47d3f057c6a5ace7a295936bb1118092a5543832f74281a6d4eb77ee1cf8ae22ad08843328742bc8cc5d3503f2531bf2f0eca819af953f2be72d455de0afabf07d59d8d480a4acb0b383dad2deb12cef3a482607b880f591f4b03ff6fd05f594c1be8f1360040e6683132be008f6515e989e7890b11caa743bc2b3698fc80e71e6d1d44c4e3cf83fd8b7fc159e29ea0f56b65f17c204f18fb82d9cfbfc4590a6bb5d4daf3709f4b266a64da96c0c45344c03743ead159d49d488adc7187644dbe46a7b483da8a0c54a5a283e99d21cabfed1256070e14e853bc4c4a0f6f0a1c3dda9581fe9ce8bdfc4451e996fe5e176eb5570a240c34d3d89d44120167f3b3473b08130278fc9c5f4b980fcf0fc1022e5704308c3d41531f86658cb914763b4ebf171909add39dfaa8b631df8c1d5056f3a15d554129cdd1b5d3991ecec26c6b80af3c07f92a91da95e414c668b695bdc70e5f1c269551f4cdfc3239bf21ac3bba816bd950cd632a3270ff17b399416524e90b709785ebac5c9179bdb6517b0404c8cad4c24cb422432fd3e1e60b4c152172eee14c7b23482b8b923f44f7e2d47b63a8ed8828b55ebd2bd93eea9e8b51a15493e3529cfc2b990b1f287ee868e548669bfcb80ecd7855d5607c7f783ed010f5328f62cf7958600ab13a8abdf384aa1051b01a1259b6f1f2f8a868cb0e617624f45860c6f62329d887085549c0267f785847c4b6e2c270e6f6834ef199fbc6b61d88cff014c3905a2ed0877201ba0f0ad88f9ef97bc2afb9eaf300a79e7b9a6ad1ad58a3c5fa043fa2461640a0111bc0d621df97f6da08f6c08f40cf001d0985686e5eb206852746e55dcb4a9a12fccd8ac976f50f7a4e03b74452c84b017e3eb0df016b3bb2e2b051cea295c312ed671c92b25311b180acd19fee76818acf8663c427b40a27f6980ddddca61222b2afbbf92b18875b86d8b87d5113ea8656dbdf30fce2480062bd9aaa9d44eba639928b942438052e5e570caf8e94d2f2ccd272acc65f5289a48b6d5cfc6697acee54ba165ee5cc04d8216394d82ab35fea9c8d72ff330edb8fc1b2bd027237c336511765f8aced6087036e47cca88e815ec3622aa198532b4d4d587ee89cafdfa27a39f813db44ba661344cbf25232efcc6612e7a3864d380ef9c959fd1ce479111c686e9615a0094ceed6a1a42eaf566825e4e356b36f931e1af82782f3173b251d87e06afb12511d3716f51ecd78f2172c59c80bca1496dfdbbdccba8d160b1998475eb39f65e3681390ddebf3ecb7b44abd5ebc7f24c7841acba0625be102390c8d5ceeb98e9f0b0a5e76937163da3011cbe28e7c0d5458b912789efe4ea507c2b52ffe5f0c7a7161d44d43dfa90f904403221a0fe561c0d714c2000a99d6bb97a634f97b8196b9776d5467497cb81edd350692822df88f6a60a78bbbff2ec2928a169bb591cb0669ff9d5c8dc4d918c9346a02f5d7866ba72ced30358dd6e7f9bf1b386e11a800adc9d7f6266dbfd4d50a9bc88c33a5c4184ece89e6d7dd001e162cf9fd3d3f2b07a231250b7e5b9e0674c8348d39c9e2d3f62bea65542fcec16da9993975df7a149e47181befddf243a656d07fbfa3ac4c089d67208888fdf0bbf7c2868cc450cacebd735909b176ea469f02799a6a230b59a61e8b0407778b6c9cf5b2592cbd44a90b6f6278eb87a17aec0ef43eb5e5f1672ac02e8460a8bbdb42d79ef65c5710fd6440ea00cde3b8a2b79a3a11ef2ac33077e306f19777acd7b5752cc0650e917702388194685d1e5bcde803a2782ec75449fb7a6b2e67d9d6601f19ddb4d148e8b2bb7641560aa1c386f8e3b5f489a0139ce14733fd6ba35e58a2072336dd7756ba81022759a959a6867a8bf8b5346e0ac63e8dd25b148eec698194910cc627ac27f93d45c17a8d91166008d8cd00ddc4a4a45dcfb4acb66b6c7421edc0cc511ac3d478e6b3f230eb0e41ec64c32cd29386e3c8fb92582c3cba31153926b6f018faf09a1054ee0fd75f7e10be9abd1924cbda58d21acdde58ddb5a283e658f9acfed5cee26c2d5c6ec24f64467847b66c2cff879e9d080e82e4e721465cedfbe686f839219c8d0184e60cec34d63715dcb8f257f619662a165656001d7a02baa11b6ad0bea6e2340b93359af34580d932d95d1983ce74ea7a4a8676a3ae828d3de8bb5f549c3f33bb65dd2d6d366de4c087b10a1b4818c0d1c2e6055d26555dee567b8b57c3426fc578688869e40ef23a57c41ad8e3f14f8e9f02fc21b12da1c3720fba46f0384a957eebaf8d207627cf37e2f86c085404a42ccbf1d4df36ff7a20326836e77ee1206e614ca85968f83e4af8614fceacb14b247c53946571f6aa89ad5088d06862c7044765bafd3e05bea1e0c7781073053cd15dbc4feaa2604b4ad758b4712041a78d6aee6b65b94f2597642afdb02d9a0507fbc544c18de6fd8548ee6590e1af655263a7c4f2a8f5994ea780c21e8c49f9476c98b084a105d35011fc086c04adc918cff06a41865c61bfa76fd736314ed100468fc7b18a2ae5a23bd6050b70efd6893fc52c899feab7fe173fbffd581b759303d389c5466a490072b1d8fe00ba776cfcf8f488e986d5d25d6d22ce7019243aa428ee777685f472d9588336014c1c76a3a474507981ebbeec7ae9aeca0faab598c8635f685fda8aad234f76aa188b9c0f81e65d804a9b5c686666a28adc39c376858385d1beb3bf4c20bbf8285238c6af7509c9d37bbce8167fac9c5f54cb4899d8718124ea2db8df2689f29e041b9cd935894fc86605efa7a70d60278cae1caf57af38b6d412f9104bddf0e118a847f35f897193206ce14d4481bdbc1d6996689ccd7be2c0ef8ae8b7d5b02e64a978572b336e9ec5d1ada9e416d54b5d8a7fbb52d6c33a335a368e89db05929f1020658d080e67f656e429d9740d19f2d3beaa852119858670b03738dc4dffdc01817f38aac0db23223b5868cb3e291710cd6c1a73f7438aa140a21b1304027bad5ad4976e6e50a85e528c5d27f8207c97a3ed4753f7deb76aa71d411629e1867488e206ffd04328e68b94c96c67377bdb72a26da73cbb6ea017e7bf29a8114f54a24bdf6991770b1577da2504ac48b6f23ac3d127366a97eecba35c70e5e6f5d3b6f726f8e8a8f3210fb14b2edef74230e78ead15c04e42873758dd8e8b4247fa0f6857b11731f41e0a5b601989a12d3c259b88c4fa673daa1932d514e9208421b0fc239a0b80a162cf5260c848b66b350634a616d5cee90fa9065d553717f3eaf46d26b7901260cabe618c39099f98a70ce6aa4e95f5647c9fd38e6955bd7e4437656f78c90f1fd41830f9576896f8246e1a2fbd4bc5ae73343860d5cfecf330e0bed75bf953a54a49af7a514553d37cf4e99b48f898364a9929916897e7f706d7681ad1f3e296b582e7dd3e6e445619785c6bcc453a8c29583d6cc76d22aee7d86a97f591c29041fe840a8d9ac1368af8cb3956df166c7defd05d5b05f9652d96df3822a0b85656da458d0a3af491aa6c7f5a856147827ecf3300c2d8f682df4068740a950aea9fef9dbe8018687c0a7094ebdd83d5e4b46b2b165942dcd9f3ec9aa45198762426c099de72743decccbb896ea4bff6ad5a41f5db53664dd2080f3cbef6de3cd4d9b75013be7cc3c50f9a4c1d5f6e642459db0a3e7c1b2148e09b6c6f1be2b66245c9e3544c25732615add433ea5b8afea9bdcf06aa86cc40717b994e9d5b11975b1c194e36212c7672eb32959a962caedcd9d38b7fe4e564f4e182f2aaafefef1a74729d9f8289bab5b05d8a34567a5346edbac32b3d4b45d898b1062ba7685dc881c108abf084337c54f2de8f391c64d0e319980e90166f905f9039a7a78774bf0a4cf7557c8291081bdd3230015722fe731c5cb6ecc168198d727f2bc9892e0e1298a068f954d2f482ad10b0c504ab0186aec7669168bc1e5550fd7d558eeb5c8e912fc3a1f8cf13b7bec1dabc2f64efca1d09c3586911a3c4e181564cb318bd0b8d24ba4aa87eb996bd517e4521c40c3295de9f00c4bed578f2fe349063822fb53b23c81e485e6d7b23306a8320607c779ff83e6daa94d711d06e3f6bfdedcefb1e974e61f10246a622af246c45214061796f864e14176be011ea25adf6f76d3d660d941f7c8c70db8cd187a0136b8eee02dcf25c00cef11b20d55343754e6b77e6122cc1366fb3f3c86e52f155dc9200e297d798e4b5133a2b4ed7e2de67ad805e6bdd626392637afbd93140ddd20ee89bb48f3c7388687135ae2612970da5e5515bcbfa42dbe176f83fc46555b3874b7f600d8aa73caa5f19a3a1735645a986903c6228c7f2b5e98fa6dc93c20cdb2debed35bc062665f3efe0629213853f35572844b8ea147d231f67e39ecf31e7f10c4ffdb1cc88be210bc8e78930c0b4aaf015f7077cce2f6964d0810a7517ee5bcb9466a4f73c4b081f75c9e1a746211555116c7c5a774f6180752d3518572fc4d771fe9c33f9128264188e61411fd8917537ec491323b1b7fd715889d250d2777be228b6675d27dc4ba7b33e02593571434f026583167bc54e0a30de421f0c3b7d9199f902a7eb4d4166ca6389b1f8ac4f18b8040e56a045cfc6e50491ba41800bde4fc2c65874e5", 0x1000}], 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB="0000000001000301000009000000a1f72939c5fb6a05a065defa70a97c9917401b74080024e6"], 0x28}, 0x14)

10:17:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x0, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:03 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1260, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:03 executing program 4 (fault-call:11 fault-nth:14):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  364.068507] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  364.087677] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  364.095384] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  364.102645] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  364.109899] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  364.117151] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  364.124405] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000000d
[  364.209347] FAULT_INJECTION: forcing a failure.
[  364.209347] name failslab, interval 1, probability 0, space 0, times 0
[  364.220646] CPU: 1 PID: 23495 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  364.229484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  364.238839] Call Trace:
[  364.241442]  dump_stack+0x1c9/0x2b4
[  364.245087]  ? dump_stack_print_info.cold.2+0x52/0x52
[  364.250293]  ? __kernel_text_address+0xd/0x40
[  364.254805]  ? unwind_get_return_address+0x61/0xa0
10:17:03 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:17:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x0, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:03 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1277, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:03 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

[  364.259753]  should_fail.cold.4+0xa/0x11
[  364.263833]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  364.268955]  ? save_stack+0xa9/0xd0
[  364.272600]  ? kasan_kmalloc+0xc4/0xe0
[  364.276524]  ? kasan_slab_alloc+0x12/0x20
[  364.280688]  ? kmem_cache_alloc+0x12e/0x760
[  364.285111]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  364.289974]  ? kvm_mmu_load+0x21/0x10e0
[  364.293962]  ? vcpu_enter_guest+0x3aa6/0x6090
[  364.298643]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  364.303762]  ? do_vfs_ioctl+0x1de/0x1720
10:17:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x0, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  364.307834]  ? ksys_ioctl+0xa9/0xd0
[  364.311476]  ? __x64_sys_ioctl+0x73/0xb0
[  364.315551]  ? do_syscall_64+0x1b9/0x820
[  364.319626]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  364.325105]  ? lock_acquire+0x1e4/0x540
[  364.329110]  ? percpu_ref_put_many+0x119/0x240
[  364.333741]  ? lock_downgrade+0x8f0/0x8f0
[  364.337904]  ? lock_acquire+0x1e4/0x540
[  364.341892]  ? fs_reclaim_acquire+0x20/0x20
[  364.346232]  ? lock_downgrade+0x8f0/0x8f0
[  364.350419]  ? check_same_owner+0x340/0x340
[  364.354757]  ? rcu_note_context_switch+0x730/0x730
10:17:03 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0xc0481273, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  364.359701]  ? kasan_unpoison_shadow+0x35/0x50
[  364.364318]  __should_failslab+0x124/0x180
[  364.368567]  should_failslab+0x9/0x14
[  364.372382]  kmem_cache_alloc+0x2af/0x760
[  364.376550]  ? kasan_check_write+0x14/0x20
[  364.380801]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  364.385652]  mmu_topup_memory_caches+0xf7/0x3a0
[  364.390333]  kvm_mmu_load+0x21/0x10e0
[  364.394139]  ? rcu_note_context_switch+0x730/0x730
[  364.399077]  ? filemap_map_pages+0xca2/0x1990
[  364.403575]  vcpu_enter_guest+0x3aa6/0x6090
[  364.407900]  ? kasan_check_write+0x14/0x20
[  364.412143]  ? __mutex_lock+0x6c4/0x1680
[  364.416217]  ? kvm_set_msr_common+0x26a0/0x26a0
[  364.420889]  ? lock_acquire+0x1e4/0x540
[  364.424897]  ? vmx_vcpu_load+0xadf/0xff0
[  364.428964]  ? trace_hardirqs_on+0x10/0x10
[  364.433413]  ? vmx_vcpu_reset+0x1040/0x1040
[  364.437773]  ? find_get_entries_tag+0x1410/0x1410
[  364.442909]  ? __account_cfs_rq_runtime+0x770/0x770
[  364.448466]  ? lock_acquire+0x1e4/0x540
[  364.452452]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
10:17:03 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:03 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x125f, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:03 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x2000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  364.457482]  ? lock_release+0xa30/0xa30
[  364.461465]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  364.466751]  ? kvm_arch_dev_ioctl+0x610/0x610
[  364.471251]  ? preempt_notifier_dec+0x20/0x20
[  364.475758]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  364.480609]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  364.485665]  kvm_vcpu_ioctl+0x7b8/0x1300
[  364.489762]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  364.495509]  ? lock_acquire+0x1e4/0x540
[  364.499489]  ? __fget+0x4ac/0x740
[  364.502946]  ? lock_downgrade+0x8f0/0x8f0
[  364.507204]  ? lock_release+0xa30/0xa30
[  364.511185]  ? pid_task+0x115/0x200
[  364.514823]  ? find_vpid+0xf0/0xf0
[  364.518382]  ? __f_unlock_pos+0x19/0x20
[  364.522361]  ? __fget+0x4d5/0x740
[  364.525831]  ? ksys_dup3+0x690/0x690
[  364.529554]  ? kasan_check_write+0x14/0x20
[  364.533803]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  364.538733]  ? fsnotify+0xbac/0x14e0
[  364.542448]  ? vfs_write+0x2f3/0x560
[  364.546170]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  364.551913]  do_vfs_ioctl+0x1de/0x1720
[  364.556333]  ? fsnotify_first_mark+0x350/0x350
10:17:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:03 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  364.560933]  ? __fsnotify_parent+0xcc/0x420
[  364.565260]  ? ioctl_preallocate+0x300/0x300
[  364.569673]  ? __fget_light+0x2f7/0x440
[  364.573657]  ? fget_raw+0x20/0x20
[  364.577117]  ? __sb_end_write+0xac/0xe0
[  364.581104]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  364.586650]  ? fput+0x130/0x1a0
[  364.589933]  ? ksys_write+0x1ae/0x260
[  364.593737]  ? security_file_ioctl+0x94/0xc0
[  364.598147]  ksys_ioctl+0xa9/0xd0
[  364.601607]  __x64_sys_ioctl+0x73/0xb0
[  364.605501]  do_syscall_64+0x1b9/0x820
[  364.609413]  ? syscall_slow_exit_work+0x500/0x500
[  364.614261]  ? syscall_return_slowpath+0x5e0/0x5e0
[  364.619209]  ? syscall_return_slowpath+0x31d/0x5e0
[  364.624158]  ? prepare_exit_to_usermode+0x291/0x3b0
[  364.629191]  ? perf_trace_sys_enter+0xb10/0xb10
[  364.633956]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  364.638811]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  364.644031] RIP: 0033:0x455e29
[  364.647230] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  364.666499] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  364.674226] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  364.681499] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  364.688770] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  364.696073] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  364.703342] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000000e
10:17:06 executing program 4 (fault-call:11 fault-nth:15):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:06 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:06 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x40049409, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:06 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:17:06 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:17:06 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:06 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f0000000040)='./control/file0\x00', 0xffffffffffffffff)
clock_gettime(0x0, &(0x7f0000000100)={<r1=>0x0, <r2=>0x0})
clock_gettime(0x0, &(0x7f0000000140)={<r3=>0x0, <r4=>0x0})
write$sndseq(r0, &(0x7f0000000180)=[{0x9, 0x0, 0x2, 0x1, @time={0x77359400}, {0x3645c78, 0x4}, {0x21, 0xff}, @note={0x6, 0x9, 0x6, 0x1, 0xdea}}, {0x100000000, 0x80000000, 0x456d, 0x7, @time={r1, r2+10000000}, {0x9, 0x79}, {0x3, 0x6b3}, @result={0x4e, 0x5}}, {0x4, 0xffff, 0xf6, 0xee6, @time={0x0, 0x1c9c380}, {0x80, 0x5}, {0x8, 0x1}, @time=@time={r3, r4+30000000}}, {0x1, 0x4, 0xff, 0xdb7, @time={0x77359400}, {0xb0e, 0x9}, {0x40, 0x800}, @raw8={"a4b6b9e19a473248797be860"}}], 0xc0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r7 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x1e}, &(0x7f0000044000))
lseek(r6, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r7, 0x1004000000016)
close(r5)

10:17:06 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x4000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:06 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:06 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0xc0101282, &(0x7f0000000040)={0x1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:06 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$nl_crypto(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)=@get={0x128, 0x13, 0x820, 0x70bd2a, 0x25dfdbff, {{'drbg_nopr_ctr_aes192\x00'}, [], [], 0x400, 0x2400}, [{0x8, 0x1, 0x1}, {0x8, 0x1, 0x20}, {0x8, 0x1, 0x1f}, {0x8, 0x1, 0x6}, {0x8, 0x1, 0x37b}, {0x8, 0x1, 0x1fe0000000000}, {0x8, 0x1, 0x100000000}, {0x8, 0x1, 0x8}, {0x8, 0x1, 0x9}]}, 0x128}, 0x1, 0x0, 0x0, 0x40000}, 0x20000040)
ioctl$RTC_UIE_OFF(r2, 0x7004)
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  367.280709] FAULT_INJECTION: forcing a failure.
[  367.280709] name failslab, interval 1, probability 0, space 0, times 0
[  367.292049] CPU: 1 PID: 23563 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  367.300451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  367.309806] Call Trace:
[  367.312410]  dump_stack+0x1c9/0x2b4
[  367.316057]  ? dump_stack_print_info.cold.2+0x52/0x52
[  367.321258]  ? __kernel_text_address+0xd/0x40
[  367.325758]  ? unwind_get_return_address+0x61/0xa0
10:17:06 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedd1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:06 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  367.330724]  should_fail.cold.4+0xa/0x11
[  367.334794]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  367.339905]  ? save_stack+0xa9/0xd0
[  367.343536]  ? kasan_kmalloc+0xc4/0xe0
[  367.347424]  ? kasan_slab_alloc+0x12/0x20
[  367.351577]  ? kmem_cache_alloc+0x12e/0x760
[  367.355931]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  367.360795]  ? kvm_mmu_load+0x21/0x10e0
[  367.364771]  ? vcpu_enter_guest+0x3aa6/0x6090
[  367.369269]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  367.374288]  ? do_vfs_ioctl+0x1de/0x1720
10:17:06 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedbe, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:06 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  367.378347]  ? ksys_ioctl+0xa9/0xd0
[  367.381977]  ? __x64_sys_ioctl+0x73/0xb0
[  367.386040]  ? do_syscall_64+0x1b9/0x820
[  367.390102]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  367.395473]  ? lock_acquire+0x1e4/0x540
[  367.399448]  ? percpu_ref_put_many+0x119/0x240
[  367.404043]  ? lock_downgrade+0x8f0/0x8f0
[  367.408283]  ? lock_acquire+0x1e4/0x540
[  367.412271]  ? fs_reclaim_acquire+0x20/0x20
[  367.416609]  ? lock_downgrade+0x8f0/0x8f0
[  367.420766]  ? check_same_owner+0x340/0x340
[  367.425096]  ? rcu_note_context_switch+0x730/0x730
10:17:06 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedce, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  367.430208]  ? kasan_unpoison_shadow+0x35/0x50
[  367.434799]  __should_failslab+0x124/0x180
[  367.439047]  should_failslab+0x9/0x14
[  367.442856]  kmem_cache_alloc+0x2af/0x760
[  367.447014]  ? kasan_check_write+0x14/0x20
[  367.451260]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  367.456114]  mmu_topup_memory_caches+0xf7/0x3a0
[  367.460800]  kvm_mmu_load+0x21/0x10e0
[  367.464607]  ? rcu_note_context_switch+0x730/0x730
[  367.469541]  ? filemap_map_pages+0xca2/0x1990
[  367.474044]  vcpu_enter_guest+0x3aa6/0x6090
[  367.478374]  ? kasan_check_write+0x14/0x20
[  367.482617]  ? __mutex_lock+0x6c4/0x1680
[  367.486685]  ? kvm_set_msr_common+0x26a0/0x26a0
[  367.491357]  ? lock_acquire+0x1e4/0x540
[  367.495337]  ? vmx_vcpu_load+0xadf/0xff0
[  367.499404]  ? trace_hardirqs_on+0x10/0x10
[  367.503653]  ? vmx_vcpu_reset+0x1040/0x1040
[  367.507985]  ? find_get_entries_tag+0x1410/0x1410
[  367.512844]  ? lock_acquire+0x1e4/0x540
[  367.516833]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  367.521859]  ? lock_release+0xa30/0xa30
[  367.525839]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  367.531123]  ? kvm_arch_dev_ioctl+0x610/0x610
[  367.535622]  ? preempt_notifier_dec+0x20/0x20
[  367.540127]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  367.544978]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  367.550003]  kvm_vcpu_ioctl+0x7b8/0x1300
[  367.554076]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  367.559798]  ? lock_acquire+0x1e4/0x540
[  367.563777]  ? __fget+0x4ac/0x740
[  367.567325]  ? lock_downgrade+0x8f0/0x8f0
[  367.571478]  ? lock_release+0xa30/0xa30
[  367.575451]  ? pid_task+0x115/0x200
[  367.579080]  ? find_vpid+0xf0/0xf0
[  367.582627]  ? __f_unlock_pos+0x19/0x20
[  367.586604]  ? __fget+0x4d5/0x740
[  367.590050]  ? ksys_dup3+0x690/0x690
[  367.593762]  ? kasan_check_write+0x14/0x20
[  367.597989]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  367.602914]  ? fsnotify+0xbac/0x14e0
[  367.606635]  ? vfs_write+0x2f3/0x560
[  367.610335]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  367.616038]  do_vfs_ioctl+0x1de/0x1720
[  367.619914]  ? fsnotify_first_mark+0x350/0x350
[  367.624480]  ? __fsnotify_parent+0xcc/0x420
[  367.628796]  ? ioctl_preallocate+0x300/0x300
[  367.633190]  ? __fget_light+0x2f7/0x440
[  367.637143]  ? fget_raw+0x20/0x20
[  367.640586]  ? __sb_end_write+0xac/0xe0
[  367.644545]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  367.650062]  ? fput+0x130/0x1a0
[  367.653337]  ? ksys_write+0x1ae/0x260
[  367.657125]  ? security_file_ioctl+0x94/0xc0
[  367.661517]  ksys_ioctl+0xa9/0xd0
[  367.664949]  __x64_sys_ioctl+0x73/0xb0
[  367.668819]  do_syscall_64+0x1b9/0x820
[  367.672688]  ? syscall_return_slowpath+0x5e0/0x5e0
[  367.677603]  ? syscall_return_slowpath+0x31d/0x5e0
[  367.682522]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  367.687534]  ? prepare_exit_to_usermode+0x291/0x3b0
[  367.692545]  ? perf_trace_sys_enter+0xb10/0xb10
[  367.697199]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  367.702035]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  367.707229] RIP: 0033:0x455e29
[  367.710399] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
10:17:06 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:06 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedcb, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:06 executing program 4 (fault-call:11 fault-nth:16):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  367.729604] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  367.737293] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  367.744546] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  367.751798] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  367.759069] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  367.766319] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000000f
[  367.829806] FAULT_INJECTION: forcing a failure.
[  367.829806] name failslab, interval 1, probability 0, space 0, times 0
[  367.841111] CPU: 0 PID: 23616 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  367.849512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  367.858862] Call Trace:
[  367.861442]  dump_stack+0x1c9/0x2b4
[  367.865075]  ? dump_stack_print_info.cold.2+0x52/0x52
[  367.870263]  ? __kernel_text_address+0xd/0x40
[  367.874757]  ? unwind_get_return_address+0x61/0xa0
[  367.879694]  should_fail.cold.4+0xa/0x11
[  367.883765]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  367.888874]  ? save_stack+0xa9/0xd0
[  367.892518]  ? kasan_kmalloc+0xc4/0xe0
[  367.896423]  ? kasan_slab_alloc+0x12/0x20
[  367.900556]  ? kmem_cache_alloc+0x12e/0x760
[  367.904861]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  367.909696]  ? kvm_mmu_load+0x21/0x10e0
[  367.913677]  ? vcpu_enter_guest+0x3aa6/0x6090
[  367.918163]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  367.923252]  ? do_vfs_ioctl+0x1de/0x1720
[  367.927299]  ? ksys_ioctl+0xa9/0xd0
[  367.930917]  ? __x64_sys_ioctl+0x73/0xb0
[  367.934969]  ? do_syscall_64+0x1b9/0x820
[  367.939030]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  367.944389]  ? lock_acquire+0x1e4/0x540
[  367.948355]  ? percpu_ref_put_many+0x119/0x240
[  367.952921]  ? lock_downgrade+0x8f0/0x8f0
[  367.957067]  ? lock_acquire+0x1e4/0x540
[  367.961034]  ? fs_reclaim_acquire+0x20/0x20
[  367.965343]  ? lock_downgrade+0x8f0/0x8f0
[  367.969478]  ? check_same_owner+0x340/0x340
[  367.973783]  ? rcu_note_context_switch+0x730/0x730
[  367.978701]  ? kasan_unpoison_shadow+0x35/0x50
[  367.983269]  __should_failslab+0x124/0x180
[  367.987491]  should_failslab+0x9/0x14
[  367.991285]  kmem_cache_alloc+0x2af/0x760
[  367.995430]  ? kasan_check_write+0x14/0x20
[  367.999661]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  368.004501]  mmu_topup_memory_caches+0xf7/0x3a0
[  368.009162]  kvm_mmu_load+0x21/0x10e0
[  368.012952]  ? rcu_note_context_switch+0x730/0x730
[  368.017878]  ? filemap_map_pages+0xca2/0x1990
[  368.022360]  vcpu_enter_guest+0x3aa6/0x6090
[  368.026667]  ? kasan_check_write+0x14/0x20
[  368.030888]  ? __mutex_lock+0x6c4/0x1680
[  368.034939]  ? kvm_set_msr_common+0x26a0/0x26a0
[  368.039595]  ? lock_acquire+0x1e4/0x540
[  368.043558]  ? vmx_vcpu_load+0xadf/0xff0
[  368.047630]  ? trace_hardirqs_on+0x10/0x10
[  368.051862]  ? vmx_vcpu_reset+0x1040/0x1040
[  368.056166]  ? find_get_entries_tag+0x1410/0x1410
[  368.060995]  ? lock_acquire+0x1e4/0x540
[  368.064958]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  368.069963]  ? lock_release+0xa30/0xa30
[  368.073943]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  368.079226]  ? kvm_arch_dev_ioctl+0x610/0x610
[  368.083757]  ? preempt_notifier_dec+0x20/0x20
[  368.088283]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  368.093140]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  368.098169]  kvm_vcpu_ioctl+0x7b8/0x1300
[  368.102241]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  368.107964]  ? lock_acquire+0x1e4/0x540
[  368.111952]  ? __fget+0x4ac/0x740
[  368.115424]  ? lock_downgrade+0x8f0/0x8f0
[  368.119576]  ? lock_release+0xa30/0xa30
[  368.123553]  ? pid_task+0x115/0x200
[  368.127173]  ? find_vpid+0xf0/0xf0
10:17:07 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:17:07 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:17:07 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:17:07 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x6100, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  368.130703]  ? __f_unlock_pos+0x19/0x20
[  368.134671]  ? __fget+0x4d5/0x740
[  368.138115]  ? ksys_dup3+0x690/0x690
[  368.141834]  ? kasan_check_write+0x14/0x20
[  368.146073]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  368.151033]  ? fsnotify+0xbac/0x14e0
[  368.154746]  ? vfs_write+0x2f3/0x560
[  368.158467]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  368.164184]  do_vfs_ioctl+0x1de/0x1720
[  368.168079]  ? fsnotify_first_mark+0x350/0x350
[  368.172665]  ? __fsnotify_parent+0xcc/0x420
10:17:07 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x30000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:07 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

[  368.177947]  ? ioctl_preallocate+0x300/0x300
[  368.182362]  ? __fget_light+0x2f7/0x440
[  368.186358]  ? fget_raw+0x20/0x20
[  368.189951]  ? __sb_end_write+0xac/0xe0
[  368.193938]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  368.199489]  ? fput+0x130/0x1a0
[  368.202793]  ? ksys_write+0x1ae/0x260
[  368.206607]  ? security_file_ioctl+0x94/0xc0
[  368.211033]  ksys_ioctl+0xa9/0xd0
[  368.214497]  __x64_sys_ioctl+0x73/0xb0
[  368.218408]  do_syscall_64+0x1b9/0x820
[  368.222315]  ? finish_task_switch+0x1d3/0x870
[  368.226827]  ? syscall_return_slowpath+0x5e0/0x5e0
10:17:07 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
keyctl$search(0xa, 0x0, &(0x7f0000000080)='.dead\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a}, 0x0)

[  368.231818]  ? syscall_return_slowpath+0x31d/0x5e0
[  368.236772]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  368.241808]  ? prepare_exit_to_usermode+0x291/0x3b0
[  368.246849]  ? perf_trace_sys_enter+0xb10/0xb10
[  368.251521]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  368.257263]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  368.262454] RIP: 0033:0x455e29
[  368.265633] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  368.284837] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  368.292558] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  368.299821] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  368.307081] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  368.314353] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  368.321706] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000010
10:17:07 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
close(r1)

10:17:07 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x5f00, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:07 executing program 4 (fault-call:11 fault-nth:17):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:07 executing program 3:
perf_event_open(&(0x7f000025c000)={0x2, 0x41, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f00000000c0)='cgroup.subtree_control\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2b, 'pids', 0x20}]}, 0x6)
r2 = openat$cgroup(r0, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000180)='pids.current\x00', 0x0, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000040)={[{0x80002d, 'pids', 0x20}]}, 0x6)

10:17:07 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
r2 = dup3(r0, r1, 0x0)
setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000040)={0x303, 0x33}, 0x4)

10:17:07 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedd0, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:07 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000001c0), 0x3b3)

[  368.484056] FAULT_INJECTION: forcing a failure.
[  368.484056] name failslab, interval 1, probability 0, space 0, times 0
[  368.495347] CPU: 0 PID: 23658 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  368.503757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  368.513115] Call Trace:
[  368.515717]  dump_stack+0x1c9/0x2b4
[  368.519370]  ? dump_stack_print_info.cold.2+0x52/0x52
[  368.524572]  ? __kernel_text_address+0xd/0x40
[  368.529070]  ? unwind_get_return_address+0x61/0xa0
10:17:07 executing program 3:
socket$inet6(0xa, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1000082)
r1 = memfd_create(&(0x7f0000000080)="74086e750000000000000000008c00", 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000280)={{0x1, @rand_addr=0x4, 0x4e21, 0x4, 'nq\x00', 0x10, 0x3, 0x5}, {@local={0xac, 0x14, 0x14, 0xaa}, 0x4e21, 0x2000, 0x2, 0x80, 0x9}}, 0x44)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x1081806)
pwritev(r0, &(0x7f0000000240)=[{&(0x7f00000000c0)="75c90e823e36491f8bb048cb27f614dad4bcc8ba46247fb4e0083357ae6d1656e92b97b395359b2815b2d7ed4f909f08d3a0595f8b5b8b381608557cfda60441eb72fa3ec73a5dd690e22f395605325a23fb6734bb3275e3aec68c440b1965127f73630dbda4248cee89238f8ee0f12962350c5eefbcc04f34518581db3e1325406791596a991a935e9b243bd7156d79a00de266", 0x94}, {&(0x7f0000000180)="56ff798e8d01afb14b4ccf7df76ce51518380e223db3881aff9d000fc751869b034c6b4a69183219c5a545c9f349161ee3", 0x31}], 0x2, 0x0)

[  368.534014]  should_fail.cold.4+0xa/0x11
[  368.538086]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  368.543197]  ? save_stack+0xa9/0xd0
[  368.546833]  ? kasan_kmalloc+0xc4/0xe0
[  368.550719]  ? kasan_slab_alloc+0x12/0x20
[  368.554873]  ? kmem_cache_alloc+0x12e/0x760
[  368.559203]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  368.564055]  ? kvm_mmu_load+0x21/0x10e0
[  368.568032]  ? vcpu_enter_guest+0x3aa6/0x6090
[  368.572535]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  368.577559]  ? do_vfs_ioctl+0x1de/0x1720
10:17:07 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedd3, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  368.581627]  ? ksys_ioctl+0xa9/0xd0
[  368.585259]  ? __x64_sys_ioctl+0x73/0xb0
[  368.589331]  ? do_syscall_64+0x1b9/0x820
[  368.593406]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  368.598778]  ? lock_acquire+0x1e4/0x540
[  368.602756]  ? percpu_ref_put_many+0x119/0x240
[  368.607353]  ? lock_downgrade+0x8f0/0x8f0
[  368.611512]  ? lock_acquire+0x1e4/0x540
[  368.615495]  ? fs_reclaim_acquire+0x20/0x20
[  368.619855]  ? lock_downgrade+0x8f0/0x8f0
[  368.624013]  ? check_same_owner+0x340/0x340
[  368.628354]  ? rcu_note_context_switch+0x730/0x730
[  368.633299]  ? kasan_unpoison_shadow+0x35/0x50
[  368.637895]  __should_failslab+0x124/0x180
[  368.642149]  should_failslab+0x9/0x14
[  368.645960]  kmem_cache_alloc+0x2af/0x760
[  368.650121]  ? kasan_check_write+0x14/0x20
[  368.654388]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  368.659253]  mmu_topup_memory_caches+0xf7/0x3a0
[  368.664069]  kvm_mmu_load+0x21/0x10e0
[  368.667876]  ? rcu_note_context_switch+0x730/0x730
[  368.672819]  ? filemap_map_pages+0xca2/0x1990
[  368.677325]  vcpu_enter_guest+0x3aa6/0x6090
[  368.681661]  ? kasan_check_write+0x14/0x20
[  368.685902]  ? __mutex_lock+0x6c4/0x1680
[  368.689973]  ? kvm_set_msr_common+0x26a0/0x26a0
[  368.695344]  ? lock_acquire+0x1e4/0x540
[  368.699325]  ? vmx_vcpu_load+0xadf/0xff0
[  368.703397]  ? trace_hardirqs_on+0x10/0x10
[  368.707635]  ? vmx_vcpu_reset+0x1040/0x1040
[  368.711960]  ? find_get_entries_tag+0x1410/0x1410
[  368.716817]  ? lock_acquire+0x1e4/0x540
[  368.720792]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  368.725806]  ? lock_release+0xa30/0xa30
[  368.729763]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  368.735033]  ? kvm_arch_dev_ioctl+0x610/0x610
[  368.739520]  ? preempt_notifier_dec+0x20/0x20
[  368.744000]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  368.748831]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  368.753835]  kvm_vcpu_ioctl+0x7b8/0x1300
[  368.757882]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  368.763581]  ? lock_acquire+0x1e4/0x540
[  368.767534]  ? __fget+0x4ac/0x740
[  368.770969]  ? lock_downgrade+0x8f0/0x8f0
[  368.775101]  ? lock_release+0xa30/0xa30
[  368.779057]  ? pid_task+0x115/0x200
[  368.782667]  ? find_vpid+0xf0/0xf0
[  368.786201]  ? __f_unlock_pos+0x19/0x20
[  368.790172]  ? __fget+0x4d5/0x740
[  368.793616]  ? ksys_dup3+0x690/0x690
[  368.797315]  ? kasan_check_write+0x14/0x20
[  368.801534]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  368.806451]  ? fsnotify+0xbac/0x14e0
[  368.810177]  ? vfs_write+0x2f3/0x560
[  368.813885]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  368.819578]  do_vfs_ioctl+0x1de/0x1720
[  368.823453]  ? fsnotify_first_mark+0x350/0x350
[  368.828107]  ? __fsnotify_parent+0xcc/0x420
[  368.832427]  ? ioctl_preallocate+0x300/0x300
[  368.836827]  ? __fget_light+0x2f7/0x440
[  368.840783]  ? fget_raw+0x20/0x20
[  368.844224]  ? __sb_end_write+0xac/0xe0
[  368.848367]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  368.853900]  ? fput+0x130/0x1a0
[  368.857169]  ? ksys_write+0x1ae/0x260
[  368.860953]  ? security_file_ioctl+0x94/0xc0
[  368.865349]  ksys_ioctl+0xa9/0xd0
[  368.868795]  __x64_sys_ioctl+0x73/0xb0
[  368.872665]  do_syscall_64+0x1b9/0x820
[  368.876534]  ? finish_task_switch+0x1d3/0x870
[  368.881017]  ? syscall_return_slowpath+0x5e0/0x5e0
[  368.885939]  ? syscall_return_slowpath+0x31d/0x5e0
[  368.890859]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  368.895876]  ? prepare_exit_to_usermode+0x291/0x3b0
[  368.900875]  ? perf_trace_sys_enter+0xb10/0xb10
[  368.905528]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  368.910367]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  368.915554] RIP: 0033:0x455e29
10:17:07 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

[  368.918728] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  368.937937] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  368.945715] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  368.953004] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  368.960278] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  368.967584] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  368.974863] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000011
10:17:07 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:17:08 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:17:08 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedbb, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:08 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x30, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:08 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
dup3(r0, r1, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)

10:17:08 executing program 4 (fault-call:11 fault-nth:18):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  369.256528] FAULT_INJECTION: forcing a failure.
[  369.256528] name failslab, interval 1, probability 0, space 0, times 0
[  369.268093] CPU: 0 PID: 23717 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  369.276520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  369.285888] Call Trace:
[  369.288492]  dump_stack+0x1c9/0x2b4
[  369.292124]  ? dump_stack_print_info.cold.2+0x52/0x52
[  369.297338]  ? __kernel_text_address+0xd/0x40
[  369.301832]  ? unwind_get_return_address+0x61/0xa0
[  369.306770]  should_fail.cold.4+0xa/0x11
[  369.310839]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  369.315936]  ? save_stack+0xa9/0xd0
[  369.319578]  ? kasan_kmalloc+0xc4/0xe0
[  369.323467]  ? kasan_slab_alloc+0x12/0x20
[  369.327611]  ? kmem_cache_alloc+0x12e/0x760
[  369.331927]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  369.336788]  ? kvm_mmu_load+0x21/0x10e0
[  369.340761]  ? vcpu_enter_guest+0x3aa6/0x6090
[  369.345264]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  369.350401]  ? do_vfs_ioctl+0x1de/0x1720
[  369.354451]  ? ksys_ioctl+0xa9/0xd0
[  369.358071]  ? __x64_sys_ioctl+0x73/0xb0
[  369.362139]  ? do_syscall_64+0x1b9/0x820
[  369.366198]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  369.371556]  ? lock_acquire+0x1e4/0x540
[  369.375517]  ? percpu_ref_put_many+0x119/0x240
[  369.380107]  ? lock_downgrade+0x8f0/0x8f0
[  369.384296]  ? lock_acquire+0x1e4/0x540
[  369.388267]  ? fs_reclaim_acquire+0x20/0x20
[  369.392592]  ? lock_downgrade+0x8f0/0x8f0
[  369.396743]  ? check_same_owner+0x340/0x340
[  369.401065]  ? rcu_note_context_switch+0x730/0x730
[  369.405992]  ? kasan_unpoison_shadow+0x35/0x50
[  369.410578]  __should_failslab+0x124/0x180
[  369.414818]  should_failslab+0x9/0x14
[  369.418621]  kmem_cache_alloc+0x2af/0x760
[  369.422761]  ? kasan_check_write+0x14/0x20
[  369.426998]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  369.431842]  mmu_topup_memory_caches+0xf7/0x3a0
[  369.436522]  kvm_mmu_load+0x21/0x10e0
[  369.440329]  ? rcu_note_context_switch+0x730/0x730
[  369.445254]  ? filemap_map_pages+0xca2/0x1990
[  369.449760]  vcpu_enter_guest+0x3aa6/0x6090
[  369.454080]  ? kasan_check_write+0x14/0x20
[  369.458305]  ? __mutex_lock+0x6c4/0x1680
[  369.462355]  ? kvm_set_msr_common+0x26a0/0x26a0
[  369.467029]  ? lock_acquire+0x1e4/0x540
[  369.471006]  ? vmx_vcpu_load+0xadf/0xff0
[  369.475060]  ? trace_hardirqs_on+0x10/0x10
[  369.479316]  ? vmx_vcpu_reset+0x1040/0x1040
[  369.483648]  ? find_get_entries_tag+0x1410/0x1410
[  369.488506]  ? lock_acquire+0x1e4/0x540
[  369.492500]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  369.497510]  ? lock_release+0xa30/0xa30
[  369.501470]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  369.506751]  ? kvm_arch_dev_ioctl+0x610/0x610
[  369.511245]  ? preempt_notifier_dec+0x20/0x20
[  369.515760]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  369.520609]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  369.525648]  kvm_vcpu_ioctl+0x7b8/0x1300
[  369.529716]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  369.535428]  ? lock_acquire+0x1e4/0x540
[  369.539397]  ? __fget+0x4ac/0x740
[  369.542847]  ? lock_downgrade+0x8f0/0x8f0
[  369.547163]  ? lock_release+0xa30/0xa30
[  369.551144]  ? pid_task+0x115/0x200
[  369.554757]  ? find_vpid+0xf0/0xf0
[  369.558306]  ? __f_unlock_pos+0x19/0x20
[  369.562289]  ? __fget+0x4d5/0x740
[  369.565742]  ? ksys_dup3+0x690/0x690
[  369.569564]  ? kasan_check_write+0x14/0x20
[  369.573801]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  369.578730]  ? fsnotify+0xbac/0x14e0
[  369.582442]  ? vfs_write+0x2f3/0x560
[  369.586148]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  369.591875]  do_vfs_ioctl+0x1de/0x1720
[  369.595759]  ? fsnotify_first_mark+0x350/0x350
[  369.600343]  ? __fsnotify_parent+0xcc/0x420
[  369.604657]  ? ioctl_preallocate+0x300/0x300
[  369.609056]  ? __fget_light+0x2f7/0x440
[  369.613022]  ? fget_raw+0x20/0x20
[  369.616475]  ? __sb_end_write+0xac/0xe0
[  369.620441]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  369.625973]  ? fput+0x130/0x1a0
[  369.629240]  ? ksys_write+0x1ae/0x260
[  369.633041]  ? security_file_ioctl+0x94/0xc0
[  369.637449]  ksys_ioctl+0xa9/0xd0
[  369.640910]  __x64_sys_ioctl+0x73/0xb0
[  369.644791]  do_syscall_64+0x1b9/0x820
[  369.648673]  ? finish_task_switch+0x1d3/0x870
[  369.653162]  ? syscall_return_slowpath+0x5e0/0x5e0
[  369.658083]  ? syscall_return_slowpath+0x31d/0x5e0
[  369.663014]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  369.668043]  ? prepare_exit_to_usermode+0x291/0x3b0
[  369.673055]  ? perf_trace_sys_enter+0xb10/0xb10
[  369.677722]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  369.682567]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  369.687739] RIP: 0033:0x455e29
10:17:08 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
socketpair$inet(0x2, 0x0, 0xfffffffffffffff9, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f00000001c0)={<r2=>0x0, 0xffff}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000240)={r2, @in={{0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x12000000000, 0x7}, &(0x7f0000000300)=0x90)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x800)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r4, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r4, 0xc05c5340, &(0x7f0000000100)={0x21a, 0xfff, 0xcba, {0x77359400}, 0x7ff, 0x4})
recvfrom$inet(r4, &(0x7f0000000340)=""/79, 0x4f, 0x40000140, &(0x7f00000003c0)={0x2, 0x4e20, @broadcast=0xffffffff}, 0x10)
lseek(r4, 0x0, 0x1)
ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000040))
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f0000000540)=0xe8)
quotactl(0x7a74, &(0x7f0000000400)='./file0\x00', r6, &(0x7f0000000580)="935aed7b70a86c3124311f7045e5677ff5d6a6c0b0078c1bd85479a5ca7e8b0a15c5891d25611058187ff7bdcea13edbe591e0994aaac97383133b280266823ac496355e56489e9a160ce037e2f97f0bd6757f15394348976c7dd3355ff974419fcb2e9b18d785f561a1a05e888e761c209068494c914026d6f4d8e588720ac55c2cc3d2e8a4c5bc33cc481f045dcc9d6d59ee8ce82fc749a188cae642bfcaf4a835130aca2c9d57e5beca2a3fa78d1833214f044889305ebe1b7d4250a7d3ea97fd6adec0214662ab51288521bac48ec742940ce68204fc2591f961e0983783acfb873a17dd8c2ae0a063099e01a6d35f03c25c76f999e8dc156f6f8066d5e391018f655a72fb887436c1ef73c9a81085930e2dcb1e338090a1d09ff488f5cc67ae942a17288aa031b7f4102a046bed8bdf902600dd8973e68a675de1122c870ec2a396247216057645346ffc403949015b31e1b463221311c5ef0211dcf480c0fc551e7ad00dd15debbc8aac3ab2de4313e971327f23d2b8fbe7c35636a591892f24bcad959e3fe3568c0c1fcd7571d023222d563458220906e314af7539354a10876393082a04cc331d90bb965c94b614b4bbbd33a629c9c1753e83e66018cc17f0227ce5df43f8b0fc79a5f18667be7dd2422e75da972ee95f99ba676763dc8cdb4f8bbbcef8cf4dbd24b831ebcf1ac792811b5aa480953df47891a9d9274ceddfff750e13f4be33f16dc602cada2a9cea37127158308bf78b9570ab1809471afb263f6fb6c9b64bb7359408de3bf9be7139f1f7cfe5c2e22e4e143dae32464e2cc3df9815e829747086007d2ab22e1243b636a746e21e72c62d3ba399cca4eed6a18920944644303635e7795cea5766bc052507ece626d69186093745c7a3cc310ed342d83b51afb9b56594118a2369c96f67770922521e7e8f73a1083a0806827875f4ce6e2fe93ec60e2f8010abc925c1a6dba097819f687d8a30d8fc60e5b0cd93432808cb6920fdcdf90381a935603cb3bd0cb638d19685ecb0b6e394824fbbe7f3320d63770963f68605d5bdca18c37f53056f81993400e3832594052dd15dadb9b18a3f5f6834201fc20d489cf12888a66dd20f3b7642149aec61d7957baa5958d30382b47cad503539e04cdb26e2a8436cdc5bb0ad97cdcc8b8a3680f889177e21af8626eccc50bb110e3508aba3bd7980f1fd98e4f1edd661bbb4bd789e283130ba18e0613af7e3b41e5fb21ba2bfbda125e714d02abddd46c398eb91d42eb0a71d9e1ae6bc8b7425d0a634f331eb5cb6bec6b90c9ac7921b1f4dc700ede17d7c7f67878e7bd0acea0a9539e736dc9707df331eec50a302b0400c01e89f91b4adfe833d2a14b83c0e1b0f4956e34cb616e004b22c7633728b8cb1cef10ed252fcef0cc4ddb55261218706b6afa5ef3f163b14478cb9d930bc4fe5442dacccaa57d1a29f2af0964017dba9bae98f9153e27b4bb49eeb1b81388f2439be6d0e67ea66830cb51b339b02abdeaad8a92033f002ede14d3614b798156c282ab19d763c3b2a18d465c8b89ba651c90114e4bbffb7ed7a9f7d762ae25efb140720b2d06d3e25ef06aaf3b8b08c589ef58a108062bcb2a475d2e50fedfb395bd85b11768658719f4964339b183f82092583ccfd966affcc69fbfa3aa66b1fd3f7d3c90145e032373f0d18f1444932907d3695285f9bf12eb5c91f6a788ef86cda715671de4b106953d4c9ffec07a7c9060ea77e9bd3d415c4334cfd04b2e84157292525f26890bd68910a45fcaff57a3e5885db754f0e8b5451565b9b298d892f259abeae4525520d9be9594068190a05d4886c41d9710a1cb5206f3c77c05a877cd3b95bade46bb26be41e02e1c48575722a1a1d22371991a1cbe97f962d2e65c09d5340547af74544bd1a8c55df85eba905a3e5bed55e19b7e8ee4da1d32326afcd96463e1655aec09c38372bfaec3c8fc720a37d7a9c321b45df1a8722d3494ee3e484e5702f51c6071ef03ad75f3d819e7e53e1081e361630bf264ec07a933c01edac1c91eb99b9b60c48db73ca77b44d4af3437916282de379adf806aa2fa667c5e3787b5268acadd489d840140e9a2ef897c65fe09411b10fc285f3399d35be4e9b39edbbd14fa871ceabe6db724386dce3b9219d58302326644976f66720d5025bdcd79c0724fe4065306275bf0bbda19de16411a3b09e999a4d6902aa9789356ac4179b1fd5f22f8a4cc1173dd433e99a5f6010e2e6de70aab4b0b59348c427092ae615cee403ed70864cdcd45500b38f549b07b11e74796a719a0d31b8535c74875d004eb0f800c9f65bbcb3b702b01191f3b540c941d4c75c64b95a4af7b18626892fb765b7478bf831fa7d6a81d3e672c7bd65667da0345c620111dbf8dbb97dfadc84ffcfcc657818c28f77f800a4999630680fe3986a44f07beb2a85ba8818327fc11be593050697fc354027ca81951cf1244dbc9ad0c233196f2011b4500865a945c7adca4f448f19bc693254b89a0656b7cb894edced7eddaf3c45cbbc15f061aa7022687096daf32cfd48359d4c0a8c66268e77ce5e9c3de6167d9cedad4bb8e56caf8ba042167010511524083fd9dbcf6cd3f6e1728d184163f926522b1dc9a2ed2bdb1fa02fef0e1923397718b53b66243f9f16fe0f7c026e13aef9b4a7a8a29a78b5e1847ca0e1b9249535e6927ab66f1f35788a50e33986715e5ef5fda62025e844b68be1d92b856515d3bd3f1bd1834f36ddb82797bb1bbdc227616a0c0123800af513e14eab167edd998fdc13946ded1d6d399b3e715d0d3e3fbbee45f005481ac365302d0ab24a283802b5659b06fbff1a27d9e04a1824abaff2c46db72c6cacd4a721719a0e9e649658279cc07587d3180fbf2256be57de7149869f106dd7d22a50b8f692fc86380f352c188e8deacf6177410a9994c22bad189f733913fb174f0f72abd8150e14624c8edfc9967c7210947cb3a5cf9fb15ef6fbab2b77dda1a1c84e005cc73fdcdf73c875f9c61390259596970fe41b7f164eb4bc5f6565a5d07974ce88bf0fb1905dc54b59403313024a8626376aee8f5a4d81b24fa89ea98139a18db86c700cbebf06e08dff9592f867417521efac6e3fbad30effd471c0bc2a95fbedbbcf4c17c3681b2a769deb7b90201306ff73f365f7902bc38c6eb613c9f54ef6740e1ed033702f0f32d91077271e8b770264d04ec2326cca524d86f84c22574accec0b1e76af2ad334cca00937a9334c92e958e19134ac9b9041ec4c31d24f994ebffc78087aefaff30642161acba32017b70f5141b5ed337421efd5f973764ac05e44c1ca09c4c1f6aeccda8229e2cbe9ca5f1dc8f6d3a77761cbb69fad381dd723584c654db276b5c6ba8f20a6fd3ca193fcf2cfd472e61c2f84270089c2945819b8cb21db1be3eedc34046db75ae5055bfc5fdb15abb708ccd45518ba97774d8ff7cf3428511e229e801b0f52e2f0b192c237db88a9cdb9dab4332756508e45292386f5f53a333f7488becca69769006ac801bf6b0bb5a22b7f6ff73002cc2b94a9d9f871469ae2c1e64163ac2fd568d26c13ced99154f776909c58014910dc17378e8edd03f01a882b3e1fe3de73088e146c8883b14d543fc2b4ea85544acb7083e8bea4c91988adaf25e77043aca78dfeb7674d6bf4f80ecaa74747d6566a40f01206a750f32f733c17afd9be8f6e6c0e378538c1f02da38374fcf3c4f06a4e60b74464b6492e4b7adb76c103f774b695a2d2045d204e87f00b471638fac3daa2321ee86300d0ec91fc690a22575784c7d16b94152edf062b4476188f70f41abe49edbbdf42337bdc68d1cc606616ffeeedcadf54c8fbc440486a0faeaa308e7236ff518270e149ff4ac9be6634a9c440713bb1559f98e54401329b2e5679b2fa26c60ac54ce9b52dcaf51e686dbbbaeff65baac1ee388c4220e2f1649b4674912b1aae6690e98a6ff7decd2339bc4b57f1619cdcd862da4556d31bd1994255a6d7d5a4ad27eb3fbb52d5fe8c53bdbed67a78e96855873fc0781b3666b7bac55d3128965d9dce0885f2c5d2bfd8ba3b8eb2447372a241b56c883a07248a7b798b85e7b00bf6bdceacba1d2f4057d9c230f1ecf0ff468a1b97abadc55b51b6712e9d1cc2b45026909e0bd7eb3750b1d22be4e70c1bd722bfc28a6fe055e3b69c4592da30550bddabe0ae6d58e4793a53378640c16356a3ff327b150ae9378a6f4b533a7c56098fb65460ee674c503d2c81410a72379f9f667100d38c53be4e6290614d5695437bcde9b1b98d8034b27611d63c72c1cd18bd0b45858d95b6fcb289231facc8e48db9a85272c4e1162e08ac6db4c37c206b9ebd964d2e5c6962e0d24ce79bcf1c4dea9911fc6b85d1040b566543e15a50526aaeb382d7cab7e86698ceebbe834b166e8024244a0ccf8a27d92c0bb9ea54145ea4def30ee29cf0f2c91d9048648c2a6cf48c6c187a2d1990e6140898fe60357f82974071790bc85daaee96b60a88f43a407e1bf17202dfb52895ea88b7ac5ef037e553ad41a190a1e4328b37ff4a4b5ed772642d6fc450c4d3cbca9c2083ae601fdca232494ec79b0b7ceaf60a91a11ddaa83d18015eed1f111d58989ca49180c19c7727620f2ae05ea0296d73078b3162da0bf5e3aa431633fbf66285744aa6115fca49fe744f70c0fe921cb4f549f525dd11e5f3acb5eaa054027375c4a8ce011262216e11a5a03eacbe37335d696be88655b462062da2520efe3c3a680191ecccac2bc2ff83fe321d6f082d43068034a4d1ea448672d75cf379acadbcd7598f631589e652441b53f3db724ad4de835682ac17479fe847e32ab96d20c6666fc2c8a73db2bd82bf67bcb8b6c0e9a0f0d15895ccc536ca9ed723d7ff0b92c8b4b25cb582a82dc73de6502b472686b5e4e3fdb71386fcdc1e5428a6fdda4000b7e7117989b8eb3edb4aba7bd692de525a1a3c0ce2892211f88df86dea3d95ac38c8886e986ab8cf1bbc2ee00ce8c3342f8b9887ae7713e256c446ac454595c74dbbd1ba60d9994689a80e2b4c6e62202b557fb8aec238c886f600c0f57357f57b703ae7fb1c7e1b003edbd1587d047afd2ff07aaf72ac3e26e2491ef5d6d3c3db6bbb13a872b168be049f659480b535ea43a5592c60747595d56e8f31d6460112c5b93266a14139fcfa7ca041913b757fab0128f79f145af08808b75792b5729c1aa3b10880aa7fba94cac589896eb0ff81bf332d0fb6c8d824ab9d120613534fa354306083ae9d626dc3e25a4a210149d8d7a6c1513354a169f20a169c3ae45ac2d70b9aaf77eea63ce4710a8a05acf4435429f4b6d17b25ef52537a36c75dd5f25bae85ee517fbce623ae777331cfedb7e379e09a496df8b1a7b697b947b46c15df46c95007b5c688507dab9090f39ebf20ff2a25295e195472aa4ccf1cc33f08f7b101fd8ad3d403e1f7ca871575cf23ad53e959099d2d1e96736efd0e853c99a617dcbe9c8c9dc60cb791fd610425b576b1f653b6c79cbafa02ea08ca5c474a0dee57a1afe53694678b44271f3b26efd79e2513562cd950fdef16063a0a77920e23960944b5999d473feab4fc215a226f57140eae4dd2c8930600f18aff9dcc2debf52c93b5fbf694b4cb560d9388f3743f74e6f686fa56e6709017217b90adee608c13954fa895446454ea7bbd3bdd6eee533997bfd2d0f55192d0f1756fbceb92dbb13890e3e1a7091363d6b72f2d872774bcb9ef57e0bd23b90a3ce681496c65220d62865348ddefdc1d6e2b9769cdf2")
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r5, 0x1004000000016)
close(r3)

10:17:08 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc8, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:08 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f000044f000)={0xa, 0x4e20}, 0x1c)
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x857, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
listen(r0, 0xffffffffffffffff)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xa}}}}}}}, &(0x7f00000002c0))

[  369.690909] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  369.710136] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  369.717844] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  369.725192] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  369.732455] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  369.739813] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  369.747074] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000012
10:17:08 executing program 4 (fault-call:11 fault-nth:19):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:08 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xffff8801ab91f498, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  369.791367] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
10:17:08 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:17:08 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1400, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:08 executing program 3:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000008ff8)=0x3f)
recvfrom$unix(r2, &(0x7f0000bf5000), 0x0, 0x0, &(0x7f0000d93ff6)=@abs, 0x8)
r3 = getpid()
fcntl$setown(r1, 0x8, r3)
fcntl$setsig(r1, 0xa, 0x12)
dup2(r1, r2)
tkill(r0, 0x16)

[  369.890732] FAULT_INJECTION: forcing a failure.
[  369.890732] name failslab, interval 1, probability 0, space 0, times 0
[  369.902098] CPU: 1 PID: 23740 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  369.910508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  369.919870] Call Trace:
[  369.922465]  dump_stack+0x1c9/0x2b4
[  369.926446]  ? dump_stack_print_info.cold.2+0x52/0x52
[  369.931629]  ? __kernel_text_address+0xd/0x40
[  369.936118]  ? unwind_get_return_address+0x61/0xa0
[  369.941052]  should_fail.cold.4+0xa/0x11
[  369.945117]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  369.950237]  ? save_stack+0xa9/0xd0
[  369.953889]  ? kasan_kmalloc+0xc4/0xe0
[  369.957793]  ? kasan_slab_alloc+0x12/0x20
[  369.961943]  ? kmem_cache_alloc+0x12e/0x760
[  369.966272]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  369.971143]  ? kvm_mmu_load+0x21/0x10e0
[  369.975123]  ? vcpu_enter_guest+0x3aa6/0x6090
[  369.979616]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  369.984630]  ? do_vfs_ioctl+0x1de/0x1720
[  369.988685]  ? ksys_ioctl+0xa9/0xd0
[  369.992307]  ? __x64_sys_ioctl+0x73/0xb0
[  369.996360]  ? do_syscall_64+0x1b9/0x820
[  370.000410]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  370.005772]  ? lock_acquire+0x1e4/0x540
[  370.009755]  ? percpu_ref_put_many+0x119/0x240
[  370.014348]  ? lock_downgrade+0x8f0/0x8f0
[  370.018492]  ? lock_acquire+0x1e4/0x540
[  370.022450]  ? fs_reclaim_acquire+0x20/0x20
[  370.026758]  ? lock_downgrade+0x8f0/0x8f0
[  370.030909]  ? check_same_owner+0x340/0x340
[  370.035238]  ? rcu_note_context_switch+0x730/0x730
[  370.040168]  ? kasan_unpoison_shadow+0x35/0x50
[  370.044828]  __should_failslab+0x124/0x180
[  370.049081]  should_failslab+0x9/0x14
[  370.052872]  kmem_cache_alloc+0x2af/0x760
[  370.057028]  ? kasan_check_write+0x14/0x20
[  370.061266]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  370.066108]  mmu_topup_memory_caches+0xf7/0x3a0
[  370.070779]  kvm_mmu_load+0x21/0x10e0
[  370.074762]  ? rcu_note_context_switch+0x730/0x730
[  370.079686]  ? filemap_map_pages+0xca2/0x1990
[  370.084179]  vcpu_enter_guest+0x3aa6/0x6090
[  370.088506]  ? kasan_check_write+0x14/0x20
[  370.092751]  ? __mutex_lock+0x6c4/0x1680
[  370.096812]  ? kvm_set_msr_common+0x26a0/0x26a0
[  370.101473]  ? lock_acquire+0x1e4/0x540
[  370.105455]  ? vmx_vcpu_load+0xadf/0xff0
[  370.109538]  ? trace_hardirqs_on+0x10/0x10
[  370.113798]  ? vmx_vcpu_reset+0x1040/0x1040
[  370.118112]  ? find_get_entries_tag+0x1410/0x1410
[  370.122963]  ? lock_acquire+0x1e4/0x540
[  370.126940]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  370.131952]  ? lock_release+0xa30/0xa30
[  370.135909]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  370.141177]  ? kvm_arch_dev_ioctl+0x610/0x610
[  370.145660]  ? preempt_notifier_dec+0x20/0x20
[  370.150142]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  370.154965]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  370.159969]  kvm_vcpu_ioctl+0x7b8/0x1300
[  370.164021]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  370.169724]  ? lock_acquire+0x1e4/0x540
[  370.173690]  ? __fget+0x4ac/0x740
[  370.177132]  ? lock_downgrade+0x8f0/0x8f0
[  370.181455]  ? lock_release+0xa30/0xa30
[  370.185413]  ? pid_task+0x115/0x200
[  370.189026]  ? find_vpid+0xf0/0xf0
[  370.192552]  ? __f_unlock_pos+0x19/0x20
[  370.196516]  ? __fget+0x4d5/0x740
[  370.199960]  ? ksys_dup3+0x690/0x690
[  370.203662]  ? kasan_check_write+0x14/0x20
[  370.207880]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  370.212792]  ? fsnotify+0xbac/0x14e0
[  370.216487]  ? vfs_write+0x2f3/0x560
[  370.220184]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  370.225878]  do_vfs_ioctl+0x1de/0x1720
[  370.229749]  ? fsnotify_first_mark+0x350/0x350
[  370.234314]  ? __fsnotify_parent+0xcc/0x420
[  370.238619]  ? ioctl_preallocate+0x300/0x300
[  370.243014]  ? __fget_light+0x2f7/0x440
[  370.246969]  ? fget_raw+0x20/0x20
[  370.250406]  ? __sb_end_write+0xac/0xe0
[  370.254369]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  370.259903]  ? fput+0x130/0x1a0
[  370.263176]  ? ksys_write+0x1ae/0x260
[  370.266962]  ? security_file_ioctl+0x94/0xc0
[  370.271353]  ksys_ioctl+0xa9/0xd0
[  370.274789]  __x64_sys_ioctl+0x73/0xb0
[  370.278747]  do_syscall_64+0x1b9/0x820
[  370.282626]  ? finish_task_switch+0x1d3/0x870
[  370.287103]  ? syscall_return_slowpath+0x5e0/0x5e0
[  370.292027]  ? syscall_return_slowpath+0x31d/0x5e0
[  370.296939]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  370.302220]  ? prepare_exit_to_usermode+0x291/0x3b0
[  370.307224]  ? perf_trace_sys_enter+0xb10/0xb10
[  370.311887]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  370.316729]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  370.322026] RIP: 0033:0x455e29
10:17:09 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x300000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedcd, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  370.325193] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  370.344484] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  370.352323] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  370.359571] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  370.366825] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  370.374077] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  370.381337] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000013
10:17:09 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:17:09 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(0x0, 0x1004000000016)
close(r1)

10:17:09 executing program 4 (fault-call:11 fault-nth:20):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc7, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  370.500434] FAULT_INJECTION: forcing a failure.
[  370.500434] name failslab, interval 1, probability 0, space 0, times 0
[  370.511757] CPU: 0 PID: 23775 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  370.520152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  370.529500] Call Trace:
[  370.532100]  dump_stack+0x1c9/0x2b4
[  370.535743]  ? dump_stack_print_info.cold.2+0x52/0x52
[  370.540951]  ? __kernel_text_address+0xd/0x40
[  370.545451]  ? unwind_get_return_address+0x61/0xa0
10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedca, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc1, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  370.550392]  should_fail.cold.4+0xa/0x11
[  370.554546]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  370.559662]  ? save_stack+0xa9/0xd0
[  370.563297]  ? kasan_kmalloc+0xc4/0xe0
[  370.567192]  ? kasan_slab_alloc+0x12/0x20
[  370.571343]  ? kmem_cache_alloc+0x12e/0x760
[  370.575670]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  370.580509]  ? kvm_mmu_load+0x21/0x10e0
[  370.584483]  ? vcpu_enter_guest+0x3aa6/0x6090
[  370.588982]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  370.593995]  ? do_vfs_ioctl+0x1de/0x1720
[  370.598047]  ? ksys_ioctl+0xa9/0xd0
[  370.601659]  ? __x64_sys_ioctl+0x73/0xb0
[  370.605706]  ? do_syscall_64+0x1b9/0x820
[  370.609750]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  370.615115]  ? lock_acquire+0x1e4/0x540
[  370.619074]  ? percpu_ref_put_many+0x119/0x240
[  370.623650]  ? lock_downgrade+0x8f0/0x8f0
[  370.627795]  ? lock_acquire+0x1e4/0x540
[  370.631761]  ? fs_reclaim_acquire+0x20/0x20
[  370.636081]  ? lock_downgrade+0x8f0/0x8f0
[  370.640231]  ? check_same_owner+0x340/0x340
[  370.644558]  ? rcu_note_context_switch+0x730/0x730
10:17:09 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0xfffffffffffffffe}, {}, @time=@time={0x77359400}}], 0x30)
userfaultfd(0x80000)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f0000000240))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r0)

10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xffff8801acea5d58, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc3, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  370.649490]  ? kasan_unpoison_shadow+0x35/0x50
[  370.654066]  __should_failslab+0x124/0x180
[  370.658300]  should_failslab+0x9/0x14
[  370.662108]  kmem_cache_alloc+0x2af/0x760
[  370.666258]  ? kasan_check_write+0x14/0x20
[  370.670495]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  370.675343]  mmu_topup_memory_caches+0xf7/0x3a0
[  370.680014]  kvm_mmu_load+0x21/0x10e0
[  370.683817]  ? rcu_note_context_switch+0x730/0x730
[  370.688745]  ? filemap_map_pages+0xca2/0x1990
[  370.693245]  vcpu_enter_guest+0x3aa6/0x6090
10:17:09 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x3, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  370.697571]  ? kasan_check_write+0x14/0x20
[  370.701808]  ? __mutex_lock+0x6c4/0x1680
[  370.705882]  ? kvm_set_msr_common+0x26a0/0x26a0
[  370.710564]  ? lock_acquire+0x1e4/0x540
[  370.714534]  ? vmx_vcpu_load+0xadf/0xff0
[  370.718592]  ? trace_hardirqs_on+0x10/0x10
[  370.722841]  ? vmx_vcpu_reset+0x1040/0x1040
[  370.727190]  ? find_get_entries_tag+0x1410/0x1410
[  370.732133]  ? lock_acquire+0x1e4/0x540
[  370.736105]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  370.741117]  ? lock_release+0xa30/0xa30
[  370.745089]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc5, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  370.750370]  ? kvm_arch_dev_ioctl+0x610/0x610
[  370.754868]  ? preempt_notifier_dec+0x20/0x20
[  370.759367]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  370.764220]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  370.769251]  kvm_vcpu_ioctl+0x7b8/0x1300
[  370.773322]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  370.779069]  ? lock_acquire+0x1e4/0x540
[  370.783046]  ? __fget+0x4ac/0x740
[  370.786503]  ? lock_downgrade+0x8f0/0x8f0
[  370.790661]  ? lock_release+0xa30/0xa30
[  370.794636]  ? pid_task+0x115/0x200
[  370.798277]  ? find_vpid+0xf0/0xf0
10:17:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedcc, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  370.801832]  ? __f_unlock_pos+0x19/0x20
[  370.805813]  ? __fget+0x4d5/0x740
[  370.809271]  ? ksys_dup3+0x690/0x690
[  370.813015]  ? kasan_check_write+0x14/0x20
[  370.817257]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  370.822205]  ? fsnotify+0xbac/0x14e0
[  370.825920]  ? vfs_write+0x2f3/0x560
[  370.829639]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  370.835349]  do_vfs_ioctl+0x1de/0x1720
[  370.839243]  ? fsnotify_first_mark+0x350/0x350
[  370.843828]  ? __fsnotify_parent+0xcc/0x420
[  370.848152]  ? ioctl_preallocate+0x300/0x300
[  370.852568]  ? __fget_light+0x2f7/0x440
[  370.856543]  ? fget_raw+0x20/0x20
[  370.859999]  ? __sb_end_write+0xac/0xe0
[  370.863970]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  370.869489]  ? fput+0x130/0x1a0
[  370.872752]  ? ksys_write+0x1ae/0x260
[  370.876537]  ? security_file_ioctl+0x94/0xc0
[  370.880929]  ksys_ioctl+0xa9/0xd0
[  370.884364]  __x64_sys_ioctl+0x73/0xb0
[  370.888258]  do_syscall_64+0x1b9/0x820
[  370.892145]  ? finish_task_switch+0x1d3/0x870
[  370.896638]  ? syscall_return_slowpath+0x5e0/0x5e0
[  370.901565]  ? syscall_return_slowpath+0x31d/0x5e0
[  370.906498]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  370.911507]  ? prepare_exit_to_usermode+0x291/0x3b0
[  370.916520]  ? perf_trace_sys_enter+0xb10/0xb10
[  370.921174]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  370.926006]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  370.931187] RIP: 0033:0x455e29
[  370.934366] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  370.953577] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  370.961279] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  370.968542] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  370.976429] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  370.983691] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  370.990949] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000014
10:17:11 executing program 3:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000040)=ANY=[@ANYBLOB="020d00001400000000000000000000000800120000000300ffef00000000000006000000000000000000000000000000e000000100000000000000000000000000000000000000000000000000000000030006000000000002000000ac14dc6049fe0000000083b9030005000000000002000000ac14ffbb00000000000000000400030009000000000000000000000000000000000000000000000000000000793cae78b7d328dbc78c376e898518e3260cf27a27ecd9bd91b663d137aec6c9017ce1b16b69831279ee75533350040d04a58407395f89fa231d290614e293bb92a94c8ebe969b4b1cbd5f942c7977ab8cda44687ef51bf847b1ac3df215c668589b9ac2e2efdb257801f53efc12709c035e03d212f9c9381ec04de8914a2abdff90a52412fa9fbe169c30d0280ec36d81698c2b2ebca4dfd97d8d19c04540e8559cefc59b498c"], 0x147}, 0x1}, 0x0)

10:17:11 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedbc, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:11 executing program 4 (fault-call:11 fault-nth:21):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:11 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000000100)={0x0, 0x16, 0x4000000000000}, &(0x7f0000000040)=<r4=>0x0)
lseek(r2, 0x0, 0x1)
timer_settime(r4, 0x0, &(0x7f0000000180)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000140))
tkill(r3, 0x1004000000016)
close(r1)

10:17:11 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x400000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:11 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:17:11 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:17:11 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:17:11 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x7ffffffc, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:11 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedb8, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  372.970863] FAULT_INJECTION: forcing a failure.
[  372.970863] name failslab, interval 1, probability 0, space 0, times 0
[  372.982213] CPU: 0 PID: 23840 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  372.990615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  372.999970] Call Trace:
[  373.002669]  dump_stack+0x1c9/0x2b4
[  373.006307]  ? dump_stack_print_info.cold.2+0x52/0x52
[  373.011500]  ? __kernel_text_address+0xd/0x40
[  373.016226]  ? unwind_get_return_address+0x61/0xa0
10:17:11 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedba, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:11 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedcf, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  373.021165]  should_fail.cold.4+0xa/0x11
[  373.025241]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  373.030353]  ? save_stack+0xa9/0xd0
[  373.034006]  ? kasan_kmalloc+0xc4/0xe0
[  373.037911]  ? kasan_slab_alloc+0x12/0x20
[  373.042062]  ? kmem_cache_alloc+0x12e/0x760
[  373.046387]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  373.051238]  ? kvm_mmu_load+0x21/0x10e0
[  373.055218]  ? vcpu_enter_guest+0x3aa6/0x6090
[  373.059712]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  373.064725]  ? do_vfs_ioctl+0x1de/0x1720
10:17:12 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x2, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:12 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x14, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:12 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x6000, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  373.068785]  ? ksys_ioctl+0xa9/0xd0
[  373.072409]  ? __x64_sys_ioctl+0x73/0xb0
[  373.076472]  ? do_syscall_64+0x1b9/0x820
[  373.080543]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  373.085919]  ? lock_acquire+0x1e4/0x540
[  373.089897]  ? percpu_ref_put_many+0x119/0x240
[  373.094484]  ? lock_downgrade+0x8f0/0x8f0
[  373.098646]  ? lock_acquire+0x1e4/0x540
[  373.102641]  ? fs_reclaim_acquire+0x20/0x20
[  373.106981]  ? lock_downgrade+0x8f0/0x8f0
[  373.111141]  ? check_same_owner+0x340/0x340
[  373.115468]  ? rcu_note_context_switch+0x730/0x730
10:17:12 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedb9, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  373.120401]  ? kasan_unpoison_shadow+0x35/0x50
[  373.125421]  __should_failslab+0x124/0x180
[  373.129665]  should_failslab+0x9/0x14
[  373.133477]  kmem_cache_alloc+0x2af/0x760
[  373.137629]  ? kvm_clock_read+0x25/0x30
[  373.141610]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  373.146640]  ? ktime_get_with_offset+0x32e/0x4b0
[  373.151402]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  373.156251]  mmu_topup_memory_caches+0xf7/0x3a0
[  373.160930]  kvm_mmu_load+0x21/0x10e0
[  373.164740]  ? kasan_check_write+0x14/0x20
[  373.168980]  ? do_raw_spin_lock+0xc1/0x200
[  373.173223]  vcpu_enter_guest+0x3aa6/0x6090
[  373.177545]  ? kvm_set_msr_common+0x26a0/0x26a0
[  373.182200]  ? lock_acquire+0x1e4/0x540
[  373.186167]  ? vmx_vcpu_load+0xadf/0xff0
[  373.190219]  ? trace_hardirqs_on+0x10/0x10
[  373.194438]  ? vmx_vcpu_reset+0x1040/0x1040
[  373.198741]  ? find_get_entries_tag+0x1410/0x1410
[  373.203589]  ? lock_acquire+0x1e4/0x540
[  373.207556]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  373.212569]  ? lock_release+0xa30/0xa30
[  373.216539]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  373.221813]  ? kvm_arch_dev_ioctl+0x610/0x610
[  373.226307]  ? preempt_notifier_dec+0x20/0x20
[  373.230812]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  373.235653]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  373.240654]  kvm_vcpu_ioctl+0x7b8/0x1300
[  373.244703]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  373.250401]  ? lock_acquire+0x1e4/0x540
[  373.254368]  ? __fget+0x4ac/0x740
[  373.257827]  ? lock_downgrade+0x8f0/0x8f0
[  373.261970]  ? lock_release+0xa30/0xa30
[  373.265926]  ? pid_task+0x115/0x200
[  373.269543]  ? find_vpid+0xf0/0xf0
[  373.273073]  ? __f_unlock_pos+0x19/0x20
[  373.277040]  ? __fget+0x4d5/0x740
[  373.280482]  ? ksys_dup3+0x690/0x690
[  373.284192]  ? kasan_check_write+0x14/0x20
[  373.288440]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  373.293350]  ? fsnotify+0xbac/0x14e0
[  373.297075]  ? vfs_write+0x2f3/0x560
[  373.300782]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  373.306580]  do_vfs_ioctl+0x1de/0x1720
[  373.310455]  ? fsnotify_first_mark+0x350/0x350
[  373.315042]  ? __fsnotify_parent+0xcc/0x420
[  373.319362]  ? ioctl_preallocate+0x300/0x300
[  373.323780]  ? __fget_light+0x2f7/0x440
[  373.327747]  ? fget_raw+0x20/0x20
[  373.331200]  ? __sb_end_write+0xac/0xe0
[  373.335194]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  373.340715]  ? fput+0x130/0x1a0
[  373.343980]  ? ksys_write+0x1ae/0x260
[  373.347771]  ? security_file_ioctl+0x94/0xc0
[  373.352170]  ksys_ioctl+0xa9/0xd0
[  373.355608]  __x64_sys_ioctl+0x73/0xb0
[  373.359481]  do_syscall_64+0x1b9/0x820
[  373.363360]  ? finish_task_switch+0x1d3/0x870
[  373.367870]  ? syscall_return_slowpath+0x5e0/0x5e0
[  373.372795]  ? syscall_return_slowpath+0x31d/0x5e0
[  373.377724]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  373.382754]  ? prepare_exit_to_usermode+0x291/0x3b0
[  373.387789]  ? perf_trace_sys_enter+0xb10/0xb10
[  373.392465]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  373.397319]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  373.402506] RIP: 0033:0x455e29
10:17:12 executing program 3:

10:17:12 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc0, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:12 executing program 4 (fault-call:11 fault-nth:22):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  373.405675] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  373.424815] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  373.432530] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  373.440400] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  373.447763] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  373.455028] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  373.462464] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000015
[  373.543584] FAULT_INJECTION: forcing a failure.
[  373.543584] name failslab, interval 1, probability 0, space 0, times 0
[  373.554914] CPU: 0 PID: 23879 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  373.563328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  373.572678] Call Trace:
[  373.575257]  dump_stack+0x1c9/0x2b4
[  373.578883]  ? dump_stack_print_info.cold.2+0x52/0x52
[  373.584070]  ? __kernel_text_address+0xd/0x40
[  373.588561]  ? unwind_get_return_address+0x61/0xa0
[  373.593485]  should_fail.cold.4+0xa/0x11
[  373.597542]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  373.602647]  ? save_stack+0xa9/0xd0
[  373.606274]  ? kasan_kmalloc+0xc4/0xe0
[  373.610154]  ? kasan_slab_alloc+0x12/0x20
[  373.614303]  ? kmem_cache_alloc+0x12e/0x760
[  373.618620]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  373.623450]  ? kvm_mmu_load+0x21/0x10e0
[  373.627410]  ? vcpu_enter_guest+0x3aa6/0x6090
[  373.631890]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  373.636930]  ? do_vfs_ioctl+0x1de/0x1720
[  373.640990]  ? ksys_ioctl+0xa9/0xd0
[  373.644691]  ? __x64_sys_ioctl+0x73/0xb0
[  373.648735]  ? do_syscall_64+0x1b9/0x820
[  373.652801]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  373.658156]  ? lock_acquire+0x1e4/0x540
[  373.662121]  ? percpu_ref_put_many+0x119/0x240
[  373.666698]  ? lock_downgrade+0x8f0/0x8f0
[  373.670840]  ? lock_acquire+0x1e4/0x540
[  373.674798]  ? fs_reclaim_acquire+0x20/0x20
[  373.679126]  ? lock_downgrade+0x8f0/0x8f0
[  373.683257]  ? check_same_owner+0x340/0x340
[  373.687566]  ? rcu_note_context_switch+0x730/0x730
[  373.692501]  ? kasan_unpoison_shadow+0x35/0x50
[  373.697079]  __should_failslab+0x124/0x180
[  373.701328]  should_failslab+0x9/0x14
[  373.705121]  kmem_cache_alloc+0x2af/0x760
[  373.709256]  ? kasan_check_write+0x14/0x20
[  373.713489]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  373.718319]  mmu_topup_memory_caches+0xf7/0x3a0
[  373.722976]  kvm_mmu_load+0x21/0x10e0
[  373.726764]  ? rcu_note_context_switch+0x730/0x730
[  373.731689]  ? filemap_map_pages+0xca2/0x1990
[  373.736538]  vcpu_enter_guest+0x3aa6/0x6090
[  373.740944]  ? kasan_check_write+0x14/0x20
[  373.745164]  ? __mutex_lock+0x6c4/0x1680
[  373.749221]  ? kvm_set_msr_common+0x26a0/0x26a0
[  373.753883]  ? lock_acquire+0x1e4/0x540
[  373.757850]  ? vmx_vcpu_load+0xadf/0xff0
[  373.761899]  ? trace_hardirqs_on+0x10/0x10
[  373.766126]  ? vmx_vcpu_reset+0x1040/0x1040
[  373.770441]  ? find_get_entries_tag+0x1410/0x1410
[  373.775281]  ? lock_acquire+0x1e4/0x540
[  373.779250]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  373.784259]  ? lock_release+0xa30/0xa30
[  373.788227]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  373.793511]  ? kvm_arch_dev_ioctl+0x610/0x610
[  373.798027]  ? preempt_notifier_dec+0x20/0x20
[  373.802528]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  373.807365]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  373.812375]  kvm_vcpu_ioctl+0x7b8/0x1300
[  373.816433]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  373.822149]  ? lock_acquire+0x1e4/0x540
[  373.826129]  ? __fget+0x4ac/0x740
[  373.829584]  ? lock_downgrade+0x8f0/0x8f0
[  373.833732]  ? lock_release+0xa30/0xa30
[  373.837698]  ? pid_task+0x115/0x200
[  373.841322]  ? find_vpid+0xf0/0xf0
[  373.844857]  ? __f_unlock_pos+0x19/0x20
[  373.848825]  ? __fget+0x4d5/0x740
[  373.852281]  ? ksys_dup3+0x690/0x690
[  373.855992]  ? kasan_check_write+0x14/0x20
[  373.860217]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  373.865143]  ? fsnotify+0xbac/0x14e0
[  373.868853]  ? vfs_write+0x2f3/0x560
[  373.872742]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  373.878452]  do_vfs_ioctl+0x1de/0x1720
[  373.882345]  ? fsnotify_first_mark+0x350/0x350
[  373.886934]  ? __fsnotify_parent+0xcc/0x420
[  373.891255]  ? ioctl_preallocate+0x300/0x300
[  373.895654]  ? __fget_light+0x2f7/0x440
[  373.899624]  ? fget_raw+0x20/0x20
[  373.903059]  ? __sb_end_write+0xac/0xe0
[  373.907025]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  373.912549]  ? fput+0x130/0x1a0
[  373.915820]  ? ksys_write+0x1ae/0x260
[  373.919609]  ? security_file_ioctl+0x94/0xc0
[  373.924024]  ksys_ioctl+0xa9/0xd0
[  373.927465]  __x64_sys_ioctl+0x73/0xb0
[  373.931345]  do_syscall_64+0x1b9/0x820
[  373.935228]  ? finish_task_switch+0x1d3/0x870
[  373.939706]  ? syscall_return_slowpath+0x5e0/0x5e0
[  373.944652]  ? syscall_return_slowpath+0x31d/0x5e0
[  373.949590]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  373.954607]  ? prepare_exit_to_usermode+0x291/0x3b0
[  373.959613]  ? perf_trace_sys_enter+0xb10/0xb10
[  373.964521]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  373.969523]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  373.974691] RIP: 0033:0x455e29
[  373.977856] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  373.997006] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  374.004719] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  374.011981] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  374.019242] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  374.026502] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  374.033771] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000016
10:17:14 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x40000, &(0x7f0000000100)={{0x0, 0x8}}, &(0x7f0000000040))
tkill(r3, 0x1004000000016)
close(r1)

10:17:14 executing program 3:

10:17:14 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedbf, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:14 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:17:14 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:17:14 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:17:14 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:14 executing program 4 (fault-call:11 fault-nth:23):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:14 executing program 3:

10:17:14 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x9, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  375.992975] FAULT_INJECTION: forcing a failure.
[  375.992975] name failslab, interval 1, probability 0, space 0, times 0
[  376.004283] CPU: 0 PID: 23916 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  376.012686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  376.022043] Call Trace:
[  376.024638]  dump_stack+0x1c9/0x2b4
[  376.028279]  ? dump_stack_print_info.cold.2+0x52/0x52
[  376.033493]  ? __kernel_text_address+0xd/0x40
[  376.037998]  ? unwind_get_return_address+0x61/0xa0
10:17:14 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xffff8801a71b1578, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:14 executing program 3:

10:17:15 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedbd, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  376.042931]  should_fail.cold.4+0xa/0x11
[  376.046996]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  376.052108]  ? save_stack+0xa9/0xd0
[  376.055918]  ? kasan_kmalloc+0xc4/0xe0
[  376.060850]  ? kasan_slab_alloc+0x12/0x20
[  376.065007]  ? kmem_cache_alloc+0x12e/0x760
[  376.069341]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  376.074195]  ? kvm_mmu_load+0x21/0x10e0
[  376.078175]  ? vcpu_enter_guest+0x3aa6/0x6090
[  376.082679]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  376.087698]  ? do_vfs_ioctl+0x1de/0x1720
10:17:15 executing program 3:

10:17:15 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedd2, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  376.091770]  ? ksys_ioctl+0xa9/0xd0
[  376.095398]  ? __x64_sys_ioctl+0x73/0xb0
[  376.099467]  ? do_syscall_64+0x1b9/0x820
[  376.103541]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  376.108924]  ? lock_acquire+0x1e4/0x540
[  376.112901]  ? percpu_ref_put_many+0x119/0x240
[  376.117485]  ? lock_downgrade+0x8f0/0x8f0
[  376.121652]  ? lock_acquire+0x1e4/0x540
[  376.125635]  ? fs_reclaim_acquire+0x20/0x20
[  376.129963]  ? lock_downgrade+0x8f0/0x8f0
[  376.134148]  ? lock_downgrade+0x8f0/0x8f0
[  376.138305]  ? check_same_owner+0x340/0x340
10:17:15 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc9, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  376.142633]  ? rcu_note_context_switch+0x730/0x730
[  376.147572]  ? kasan_unpoison_shadow+0x35/0x50
[  376.152167]  __should_failslab+0x124/0x180
[  376.156413]  should_failslab+0x9/0x14
[  376.160224]  kmem_cache_alloc+0x2af/0x760
[  376.164381]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  376.169230]  mmu_topup_memory_caches+0xf7/0x3a0
[  376.173906]  kvm_mmu_load+0x21/0x10e0
[  376.177715]  ? rcu_note_context_switch+0x730/0x730
[  376.182651]  ? filemap_map_pages+0xca2/0x1990
[  376.187158]  vcpu_enter_guest+0x3aa6/0x6090
[  376.191495]  ? kasan_check_write+0x14/0x20
[  376.195741]  ? __mutex_lock+0x6c4/0x1680
[  376.199817]  ? kvm_set_msr_common+0x26a0/0x26a0
[  376.204486]  ? lock_acquire+0x1e4/0x540
[  376.208465]  ? vmx_vcpu_load+0xadf/0xff0
[  376.212525]  ? trace_hardirqs_on+0x10/0x10
[  376.216764]  ? vmx_vcpu_reset+0x1040/0x1040
[  376.221090]  ? find_get_entries_tag+0x1410/0x1410
[  376.225934]  ? lock_acquire+0x1e4/0x540
[  376.229913]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  376.234933]  ? lock_release+0xa30/0xa30
[  376.238899]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  376.244165]  ? kvm_arch_dev_ioctl+0x610/0x610
[  376.248648]  ? preempt_notifier_dec+0x20/0x20
[  376.253140]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  376.258768]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  376.263774]  kvm_vcpu_ioctl+0x7b8/0x1300
[  376.267827]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  376.273545]  ? lock_acquire+0x1e4/0x540
[  376.277506]  ? __fget+0x4ac/0x740
[  376.280955]  ? lock_downgrade+0x8f0/0x8f0
[  376.285105]  ? lock_release+0xa30/0xa30
[  376.289077]  ? pid_task+0x115/0x200
[  376.292703]  ? find_vpid+0xf0/0xf0
[  376.296234]  ? __f_unlock_pos+0x19/0x20
[  376.300198]  ? __fget+0x4d5/0x740
[  376.303650]  ? ksys_dup3+0x690/0x690
[  376.307357]  ? kasan_check_write+0x14/0x20
[  376.311579]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  376.316528]  ? fsnotify+0xbac/0x14e0
[  376.320238]  ? vfs_write+0x2f3/0x560
[  376.323936]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  376.329636]  do_vfs_ioctl+0x1de/0x1720
[  376.333520]  ? fsnotify_first_mark+0x350/0x350
[  376.338082]  ? __fsnotify_parent+0xcc/0x420
[  376.342386]  ? ioctl_preallocate+0x300/0x300
[  376.346775]  ? __fget_light+0x2f7/0x440
[  376.350735]  ? fget_raw+0x20/0x20
[  376.354179]  ? __sb_end_write+0xac/0xe0
[  376.358136]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  376.363653]  ? fput+0x130/0x1a0
[  376.366923]  ? ksys_write+0x1ae/0x260
[  376.370720]  ? security_file_ioctl+0x94/0xc0
[  376.375112]  ksys_ioctl+0xa9/0xd0
[  376.378553]  __x64_sys_ioctl+0x73/0xb0
[  376.382435]  do_syscall_64+0x1b9/0x820
[  376.386321]  ? finish_task_switch+0x1d3/0x870
[  376.390817]  ? syscall_return_slowpath+0x5e0/0x5e0
[  376.395732]  ? syscall_return_slowpath+0x31d/0x5e0
[  376.400646]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  376.405668]  ? prepare_exit_to_usermode+0x291/0x3b0
[  376.410702]  ? perf_trace_sys_enter+0xb10/0xb10
[  376.415357]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  376.420199]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  376.425388] RIP: 0033:0x455e29
[  376.428565] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  376.447719] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  376.455421] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  376.462698] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  376.469977] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  376.477244] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  376.484511] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000017
10:17:17 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f00000005c0)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
socketpair(0x1d, 0x805, 0x2, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
connect$vsock_dgram(r2, &(0x7f0000000500)={0x28, 0x0, 0xffffffff, @any=0xffffffff}, 0x10)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f0000000100)={"ab23591c5d1ac2186ddb0b85bf59f02eb7556203ef4653f48c1602c8ee6e7567a244b4d362ef6039d85d99858b2fd92d5f899188f3fb274a7f0488f76a392b9ac88ca4cc68857be83f672e210521d172e0060e21d70212955ba3e69e53f01ceba595a6677ba1611ee28c1a626fdff79afcb4efb393e25633168d1068fea97804ba3c643e39bc2f1ee41311ecbe5ab5c12cc5415c74002790537ba0bdd1df7fe87c32cfe431a39a4d3978c19e8d03c72c6c808c14274b74183051136ebf50317dfbfa4fd9bcf2f5caedaa4d7e0f30e04bee36e3f9437e660d2e3bd6043335b56bee455608231fef3650f32cb73a4736a2861e4c8c1be7a3967065ff1ebd231ae5453546750849444a111dba4019d0c3d2cea1a95472438a522f8f569b32adb97c414da50a9834aba8de07d43da55d5dc9a1390386a45841f20ac9d2084276c1b5de981a75699b043bae56bcb824f1609f56827bfbac26a835f37b4db06b7287f380428c626ab4f2efb3cacf7d0820e2e9b1d3bcb057aaefb90a73d4f512a888afb060b89887642a935e3805efe51384b329cabec50aaa88647d17614f4450a0726255ea9cb872a383c285bab193f3340ed81d2520c8a4f59774fe278196fddb51bc06c0fcc00d92e5665947c535c10de20e65302a10114ef3660a45fae0e6039cef1d8d4dad65d4d328af720f6c3ff34baf36b0edebdf5c06f4c9cbb9cd70600167fe8b9dfe480e2a4c97da4261e37d654fe85ed1df8d0fcf5c683c14823faba389ed942aca696b8b1ebb307d2d0793ba1eb0d37dbae4d0a2b33c1fab1c33d4ccc85b8b57233ad61cf38bbac837328f634659aacf05e8561462667b173b82d90cc2b09ed8166e3e1511fe000d095ba03f49e2457ca9bda87e06b592bdec7d88852e66a71e9fb8e3c816a3f95f25ecd5e83941e8ac94afafaa97e62f6f2810ad4d3fcd96274a8693c7cbac39677115c280787176c29eca08ff27a8230da1b0dedaa47e85a1c129c2d8248f6096618e97d705acb953de1641a87277c2456faec6c81e72a36ae73f2f330777f6045495a72f61317a014ed5f6274ec86d44efeb286f7d7e1be191862d967eb66858bd949ccc82f412b2e973613f7c5f059993926079609ec11bc3d558fc7aaae74b44638b9ad96ce6d8a9317799c6f5c064b3e27381ff74b8f79daa1b2096dff359f253d65aea14e8a63ec7d04782f2aa77ec5118d5998dcfb218493267311da695e7ff54a7ad6c05101ca0c16da4689a33bac3d8e28ceeeddeb154658786daf2371b494729be31ed4b76e0abee91e8ac3bd6e6a1b48053b7524899ea5e00539f536089af04cfbbc9424df2bc8742195da4d9f80843c205d4e07690babbc9f6262b2e849990ae602fdc4bb1e2cd4cf884733eea3d4738be4441b809a99fe17766a758f361ef92dd38ae1570a3ad4a68c73a54f4070a"})
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000540)={0xaa, 0x10})
tkill(r4, 0x1004000000016)
close(r1)

10:17:17 executing program 3:

10:17:17 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xffff8801a71b1658, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:17 executing program 4 (fault-call:11 fault-nth:24):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:17 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x0)
close(r1)

10:17:17 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:17 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:17:17 executing program 7:

10:17:17 executing program 7:
r0 = inotify_init()
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x857, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000002b40)='/dev/vcs#\x00', 0x0, 0x0)
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe)
creat(&(0x7f0000000400)='./file0\x00', 0x0)
dup2(r1, r0)
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)

10:17:17 executing program 3:
socket$inet6(0xa, 0x1000000000002, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000001300)={'#! ', './file0', [], 0xa}, 0xb)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x2}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}, 0x1c)
sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0)
r1 = creat(&(0x7f0000001380)='./file0\x00', 0x0)
r2 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
ioctl$fiemap(r2, 0x40086602, &(0x7f0000000100)=ANY=[@ANYBLOB='?['])
ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000080))

10:17:18 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc4, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:18 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x7ffffffd, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  379.071375] FAULT_INJECTION: forcing a failure.
[  379.071375] name failslab, interval 1, probability 0, space 0, times 0
[  379.082713] CPU: 0 PID: 23967 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  379.091299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  379.100754] Call Trace:
[  379.103358]  dump_stack+0x1c9/0x2b4
[  379.107003]  ? dump_stack_print_info.cold.2+0x52/0x52
[  379.112209]  ? __kernel_text_address+0xd/0x40
[  379.116715]  ? unwind_get_return_address+0x61/0xa0
[  379.121740]  should_fail.cold.4+0xa/0x11
[  379.125813]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  379.130933]  ? save_stack+0xa9/0xd0
[  379.134708]  ? kasan_kmalloc+0xc4/0xe0
[  379.138766]  ? kasan_slab_alloc+0x12/0x20
[  379.142901]  ? kmem_cache_alloc+0x12e/0x760
[  379.147296]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  379.152124]  ? kvm_mmu_load+0x21/0x10e0
[  379.156086]  ? vcpu_enter_guest+0x3aa6/0x6090
[  379.160617]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  379.165620]  ? do_vfs_ioctl+0x1de/0x1720
[  379.169759]  ? ksys_ioctl+0xa9/0xd0
[  379.173370]  ? __x64_sys_ioctl+0x73/0xb0
[  379.177416]  ? do_syscall_64+0x1b9/0x820
[  379.181549]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  379.186996]  ? lock_acquire+0x1e4/0x540
[  379.191048]  ? percpu_ref_put_many+0x119/0x240
[  379.195620]  ? lock_downgrade+0x8f0/0x8f0
[  379.199755]  ? lock_acquire+0x1e4/0x540
[  379.203715]  ? fs_reclaim_acquire+0x20/0x20
[  379.208035]  ? lock_downgrade+0x8f0/0x8f0
[  379.212169]  ? check_same_owner+0x340/0x340
[  379.216567]  ? rcu_note_context_switch+0x730/0x730
[  379.221481]  ? kasan_unpoison_shadow+0x35/0x50
[  379.226055]  __should_failslab+0x124/0x180
[  379.230275]  should_failslab+0x9/0x14
[  379.234059]  kmem_cache_alloc+0x2af/0x760
[  379.238372]  ? kvm_clock_read+0x25/0x30
[  379.242515]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  379.247518]  ? ktime_get_with_offset+0x32e/0x4b0
[  379.252268]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  379.257098]  mmu_topup_memory_caches+0xf7/0x3a0
[  379.261753]  kvm_mmu_load+0x21/0x10e0
[  379.265538]  ? kasan_check_write+0x14/0x20
[  379.269756]  ? do_raw_spin_lock+0xc1/0x200
[  379.273975]  vcpu_enter_guest+0x3aa6/0x6090
[  379.278286]  ? kvm_set_msr_common+0x26a0/0x26a0
[  379.282936]  ? cpuacct_charge+0x30a/0x5d0
[  379.287070]  ? vmx_vcpu_load+0xadf/0xff0
[  379.291126]  ? trace_hardirqs_on+0x10/0x10
[  379.295359]  ? vmx_vcpu_reset+0x1040/0x1040
[  379.299664]  ? update_curr+0x4e7/0xc00
[  379.303543]  ? find_get_entries_tag+0x1410/0x1410
[  379.308370]  ? __account_cfs_rq_runtime+0x770/0x770
[  379.313375]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  379.318897]  ? lock_acquire+0x1e4/0x540
[  379.322856]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  379.327865]  ? lock_release+0xa30/0xa30
[  379.331822]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  379.337082]  ? kvm_arch_dev_ioctl+0x610/0x610
[  379.341560]  ? preempt_notifier_dec+0x20/0x20
[  379.346052]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  379.350887]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  379.355894]  kvm_vcpu_ioctl+0x7b8/0x1300
[  379.359945]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  379.365642]  ? lock_acquire+0x1e4/0x540
[  379.369597]  ? __fget+0x4ac/0x740
[  379.373035]  ? lock_downgrade+0x8f0/0x8f0
[  379.377166]  ? lock_release+0xa30/0xa30
[  379.381142]  ? pid_task+0x115/0x200
[  379.384777]  ? find_vpid+0xf0/0xf0
[  379.388314]  ? __f_unlock_pos+0x19/0x20
[  379.392269]  ? __fget+0x4d5/0x740
[  379.395801]  ? ksys_dup3+0x690/0x690
[  379.399601]  ? kasan_check_write+0x14/0x20
[  379.403830]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  379.408742]  ? fsnotify+0xbac/0x14e0
[  379.412456]  ? vfs_write+0x2f3/0x560
[  379.416156]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  379.421937]  do_vfs_ioctl+0x1de/0x1720
[  379.425807]  ? fsnotify_first_mark+0x350/0x350
[  379.430543]  ? __fsnotify_parent+0xcc/0x420
[  379.434846]  ? ioctl_preallocate+0x300/0x300
[  379.439244]  ? __fget_light+0x2f7/0x440
[  379.443199]  ? fget_raw+0x20/0x20
[  379.446639]  ? __sb_end_write+0xac/0xe0
[  379.450619]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  379.456143]  ? fput+0x130/0x1a0
[  379.459406]  ? ksys_write+0x1ae/0x260
[  379.463314]  ? security_file_ioctl+0x94/0xc0
[  379.467713]  ksys_ioctl+0xa9/0xd0
[  379.471149]  __x64_sys_ioctl+0x73/0xb0
[  379.475025]  do_syscall_64+0x1b9/0x820
[  379.478897]  ? syscall_slow_exit_work+0x500/0x500
[  379.483733]  ? syscall_return_slowpath+0x5e0/0x5e0
[  379.488657]  ? syscall_return_slowpath+0x31d/0x5e0
[  379.493573]  ? prepare_exit_to_usermode+0x291/0x3b0
[  379.498574]  ? perf_trace_sys_enter+0xb10/0xb10
[  379.503229]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  379.508057]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  379.513228] RIP: 0033:0x455e29
[  379.516402] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  379.535672] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  379.543363] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  379.550821] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  379.558071] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  379.565323] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
10:17:18 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc6, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:18 executing program 7:

10:17:18 executing program 4 (fault-call:11 fault-nth:25):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  379.572590] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000018
10:17:18 executing program 7:

[  379.738387] FAULT_INJECTION: forcing a failure.
[  379.738387] name failslab, interval 1, probability 0, space 0, times 0
[  379.750061] CPU: 0 PID: 23995 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  379.758477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  379.767847] Call Trace:
[  379.770543]  dump_stack+0x1c9/0x2b4
[  379.774165]  ? dump_stack_print_info.cold.2+0x52/0x52
[  379.779345]  ? __kernel_text_address+0xd/0x40
[  379.783825]  ? unwind_get_return_address+0x61/0xa0
[  379.788775]  should_fail.cold.4+0xa/0x11
[  379.792840]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  379.797932]  ? save_stack+0xa9/0xd0
[  379.801547]  ? kasan_kmalloc+0xc4/0xe0
[  379.805427]  ? kasan_slab_alloc+0x12/0x20
[  379.809563]  ? kmem_cache_alloc+0x12e/0x760
[  379.813874]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  379.818720]  ? kvm_mmu_load+0x21/0x10e0
[  379.822695]  ? vcpu_enter_guest+0x3aa6/0x6090
[  379.827197]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  379.832210]  ? do_vfs_ioctl+0x1de/0x1720
[  379.836252]  ? ksys_ioctl+0xa9/0xd0
[  379.839860]  ? __x64_sys_ioctl+0x73/0xb0
[  379.843921]  ? do_syscall_64+0x1b9/0x820
[  379.847986]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  379.853356]  ? lock_acquire+0x1e4/0x540
[  379.857338]  ? percpu_ref_put_many+0x119/0x240
[  379.861928]  ? lock_downgrade+0x8f0/0x8f0
[  379.866089]  ? lock_acquire+0x1e4/0x540
[  379.870069]  ? fs_reclaim_acquire+0x20/0x20
[  379.874412]  ? lock_downgrade+0x8f0/0x8f0
[  379.878565]  ? check_same_owner+0x340/0x340
[  379.882907]  ? rcu_note_context_switch+0x730/0x730
[  379.887847]  ? kasan_unpoison_shadow+0x35/0x50
[  379.892459]  __should_failslab+0x124/0x180
[  379.896700]  should_failslab+0x9/0x14
[  379.900511]  kmem_cache_alloc+0x2af/0x760
[  379.904663]  ? kasan_check_write+0x14/0x20
[  379.908904]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  379.913755]  mmu_topup_memory_caches+0xf7/0x3a0
[  379.918431]  kvm_mmu_load+0x21/0x10e0
[  379.922234]  ? rcu_note_context_switch+0x730/0x730
[  379.927159]  vcpu_enter_guest+0x3aa6/0x6090
[  379.931481]  ? kasan_check_write+0x14/0x20
10:17:18 executing program 6:
r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x80, 0x381000)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000100)={<r1=>0x0, 0x7, 0x2ae}, &(0x7f0000000140)=0x8)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000180)={r1, 0x7, 0x4}, 0x8)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000001c0)={r1, 0x6a9e, 0x2, 0x1f}, &(0x7f0000000200)=0x10)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r4, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r5, 0x1004000000016)
close(r3)

10:17:18 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0xedc2, 0x0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:18 executing program 7:

10:17:18 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x3000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:18 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

[  379.935720]  ? __mutex_lock+0x6c4/0x1680
[  379.939785]  ? kvm_set_msr_common+0x26a0/0x26a0
[  379.944460]  ? cpuacct_charge+0x30a/0x5d0
[  379.948616]  ? vmx_vcpu_load+0xadf/0xff0
[  379.952684]  ? trace_hardirqs_on+0x10/0x10
[  379.956925]  ? vmx_vcpu_reset+0x1040/0x1040
[  379.961257]  ? update_curr+0x4e7/0xc00
[  379.965168]  ? find_get_entries_tag+0x1410/0x1410
[  379.970021]  ? __account_cfs_rq_runtime+0x770/0x770
[  379.975050]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  379.980594]  ? lock_acquire+0x1e4/0x540
[  379.984573]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
10:17:18 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:17:18 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xcaed, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  379.989594]  ? lock_release+0xa30/0xa30
[  379.993567]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  379.998847]  ? kvm_arch_dev_ioctl+0x610/0x610
[  380.003349]  ? preempt_notifier_dec+0x20/0x20
[  380.007867]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  380.012715]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  380.017744]  kvm_vcpu_ioctl+0x7b8/0x1300
[  380.021815]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  380.027541]  ? lock_acquire+0x1e4/0x540
[  380.031526]  ? __fget+0x4ac/0x740
[  380.034988]  ? lock_downgrade+0x8f0/0x8f0
10:17:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedcc, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  380.039142]  ? lock_release+0xa30/0xa30
[  380.043121]  ? pid_task+0x115/0x200
[  380.046754]  ? find_vpid+0xf0/0xf0
[  380.050301]  ? __f_unlock_pos+0x19/0x20
[  380.054278]  ? __fget+0x4d5/0x740
[  380.057738]  ? ksys_dup3+0x690/0x690
[  380.061473]  ? kasan_check_write+0x14/0x20
[  380.065712]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  380.070812]  ? fsnotify+0xbac/0x14e0
[  380.074530]  ? vfs_write+0x2f3/0x560
[  380.078335]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  380.084049]  do_vfs_ioctl+0x1de/0x1720
10:17:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedba, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  380.087969]  ? fsnotify_first_mark+0x350/0x350
[  380.092898]  ? __fsnotify_parent+0xcc/0x420
[  380.097215]  ? ioctl_preallocate+0x300/0x300
[  380.101621]  ? __fget_light+0x2f7/0x440
[  380.105613]  ? fget_raw+0x20/0x20
[  380.109069]  ? __sb_end_write+0xac/0xe0
[  380.113046]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  380.118682]  ? fput+0x130/0x1a0
[  380.121965]  ? ksys_write+0x1ae/0x260
[  380.125770]  ? security_file_ioctl+0x94/0xc0
[  380.130182]  ksys_ioctl+0xa9/0xd0
[  380.133624]  __x64_sys_ioctl+0x73/0xb0
[  380.137518]  do_syscall_64+0x1b9/0x820
[  380.141415]  ? syscall_slow_exit_work+0x500/0x500
[  380.146260]  ? syscall_return_slowpath+0x5e0/0x5e0
[  380.151197]  ? syscall_return_slowpath+0x31d/0x5e0
[  380.157611]  ? prepare_exit_to_usermode+0x291/0x3b0
[  380.162631]  ? perf_trace_sys_enter+0xb10/0xb10
[  380.167309]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  380.172155]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  380.177341] RIP: 0033:0x455e29
[  380.180605] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  380.199742] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  380.207459] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  380.214713] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  380.221971] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  380.229244] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
10:17:19 executing program 3:

10:17:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd3ed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:19 executing program 7:

10:17:19 executing program 4 (fault-call:11 fault-nth:26):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  380.236496] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 0000000000000019
10:17:19 executing program 7:

10:17:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xc1ed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:19 executing program 3:

[  380.362266] FAULT_INJECTION: forcing a failure.
[  380.362266] name failslab, interval 1, probability 0, space 0, times 0
[  380.373613] CPU: 0 PID: 24047 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  380.382021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  380.391377] Call Trace:
[  380.393992]  dump_stack+0x1c9/0x2b4
[  380.397639]  ? dump_stack_print_info.cold.2+0x52/0x52
[  380.402828]  ? __kernel_text_address+0xd/0x40
[  380.407331]  ? unwind_get_return_address+0x61/0xa0
[  380.412291]  should_fail.cold.4+0xa/0x11
[  380.416398]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  380.421512]  ? save_stack+0xa9/0xd0
[  380.425147]  ? kasan_kmalloc+0xc4/0xe0
[  380.429037]  ? kasan_slab_alloc+0x12/0x20
[  380.433169]  ? kmem_cache_alloc+0x12e/0x760
[  380.437474]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  380.442308]  ? kvm_mmu_load+0x21/0x10e0
[  380.446274]  ? vcpu_enter_guest+0x3aa6/0x6090
[  380.450752]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  380.455765]  ? do_vfs_ioctl+0x1de/0x1720
[  380.459815]  ? ksys_ioctl+0xa9/0xd0
[  380.463429]  ? __x64_sys_ioctl+0x73/0xb0
[  380.467482]  ? do_syscall_64+0x1b9/0x820
[  380.471536]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  380.476886]  ? lock_acquire+0x1e4/0x540
[  380.480846]  ? percpu_ref_put_many+0x119/0x240
[  380.485590]  ? lock_downgrade+0x8f0/0x8f0
[  380.489742]  ? lock_acquire+0x1e4/0x540
[  380.493706]  ? fs_reclaim_acquire+0x20/0x20
[  380.498021]  ? lock_downgrade+0x8f0/0x8f0
[  380.502159]  ? check_same_owner+0x340/0x340
[  380.506464]  ? rcu_note_context_switch+0x730/0x730
[  380.511377]  ? kasan_unpoison_shadow+0x35/0x50
[  380.515954]  __should_failslab+0x124/0x180
[  380.520179]  should_failslab+0x9/0x14
[  380.523968]  kmem_cache_alloc+0x2af/0x760
[  380.528108]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  380.532961]  mmu_topup_memory_caches+0xf7/0x3a0
[  380.537634]  kvm_mmu_load+0x21/0x10e0
[  380.541427]  ? rcu_note_context_switch+0x730/0x730
[  380.546445]  ? filemap_map_pages+0xca2/0x1990
[  380.550940]  vcpu_enter_guest+0x3aa6/0x6090
[  380.555253]  ? kasan_check_write+0x14/0x20
[  380.559474]  ? __mutex_lock+0x6c4/0x1680
[  380.563522]  ? kvm_set_msr_common+0x26a0/0x26a0
[  380.568180]  ? lock_acquire+0x1e4/0x540
[  380.572148]  ? vmx_vcpu_load+0xadf/0xff0
[  380.576320]  ? trace_hardirqs_on+0x10/0x10
[  380.580576]  ? vmx_vcpu_reset+0x1040/0x1040
[  380.584894]  ? find_get_entries_tag+0x1410/0x1410
[  380.589728]  ? lock_acquire+0x1e4/0x540
[  380.593868]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  380.598880]  ? lock_release+0xa30/0xa30
[  380.602847]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  380.608111]  ? kvm_arch_dev_ioctl+0x610/0x610
[  380.612596]  ? preempt_notifier_dec+0x20/0x20
[  380.617091]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  380.621922]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  380.626928]  kvm_vcpu_ioctl+0x7b8/0x1300
[  380.630972]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  380.636672]  ? lock_acquire+0x1e4/0x540
[  380.640633]  ? __fget+0x4ac/0x740
[  380.644073]  ? lock_downgrade+0x8f0/0x8f0
[  380.648201]  ? lock_release+0xa30/0xa30
[  380.652504]  ? pid_task+0x115/0x200
[  380.656114]  ? find_vpid+0xf0/0xf0
[  380.659644]  ? __f_unlock_pos+0x19/0x20
[  380.663607]  ? __fget+0x4d5/0x740
[  380.667091]  ? ksys_dup3+0x690/0x690
[  380.670812]  ? kasan_check_write+0x14/0x20
[  380.675040]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  380.679960]  ? fsnotify+0xbac/0x14e0
[  380.683659]  ? vfs_write+0x2f3/0x560
[  380.687358]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  380.693048]  do_vfs_ioctl+0x1de/0x1720
[  380.696924]  ? fsnotify_first_mark+0x350/0x350
[  380.701497]  ? __fsnotify_parent+0xcc/0x420
[  380.705973]  ? ioctl_preallocate+0x300/0x300
[  380.710367]  ? __fget_light+0x2f7/0x440
[  380.714324]  ? fget_raw+0x20/0x20
[  380.717761]  ? __sb_end_write+0xac/0xe0
[  380.721732]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  380.727266]  ? fput+0x130/0x1a0
[  380.730536]  ? ksys_write+0x1ae/0x260
[  380.734333]  ? security_file_ioctl+0x94/0xc0
[  380.738724]  ksys_ioctl+0xa9/0xd0
[  380.742158]  __x64_sys_ioctl+0x73/0xb0
[  380.746034]  do_syscall_64+0x1b9/0x820
[  380.749905]  ? syscall_slow_exit_work+0x500/0x500
[  380.754736]  ? syscall_return_slowpath+0x5e0/0x5e0
[  380.759652]  ? syscall_return_slowpath+0x31d/0x5e0
[  380.764565]  ? prepare_exit_to_usermode+0x291/0x3b0
[  380.769565]  ? perf_trace_sys_enter+0xb10/0xb10
[  380.774217]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  380.779067]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  380.784255] RIP: 0033:0x455e29
[  380.787423] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  380.806549] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  380.814256] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  380.821523] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  380.828789] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  380.836053] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  380.843324] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000001a
10:17:19 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000013000/0x3000)=nil, 0x3000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = userfaultfd(0x0)
r2 = socket$vsock_dgram(0x28, 0x2, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x48)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=<r5=>0x0)
timer_getoverrun(r5)
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r3, 0x28, &(0x7f0000000040)={0x0, <r6=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={r6, 0x8001, 0x10}, 0xc)
getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180), 0x10)
close(r0)

10:17:19 executing program 7:

10:17:19 executing program 3:

10:17:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xbced0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:19 executing program 4 (fault-call:11 fault-nth:27):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  380.997353] FAULT_INJECTION: forcing a failure.
[  380.997353] name failslab, interval 1, probability 0, space 0, times 0
[  381.008647] CPU: 1 PID: 24076 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  381.017049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  381.026416] Call Trace:
[  381.029019]  dump_stack+0x1c9/0x2b4
[  381.032660]  ? dump_stack_print_info.cold.2+0x52/0x52
[  381.037858]  ? __kernel_text_address+0xd/0x40
[  381.042355]  ? unwind_get_return_address+0x61/0xa0
10:17:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xbced, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:19 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:17:19 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:19 executing program 7:

10:17:19 executing program 3:

10:17:19 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x31, r0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c468d0198ffff7f00000000000003003e00050000006a0100000000000040000000000000008b03000000000000ff07000000103800010000000600020057e5746402000000080000000000000004000000000000001f00000000000000000000001c000000010000000000000006000000000000000000006005000000040000000000000001000001000000000000000000000000000000f0f3ffffffffffff0040000001000000c7fae4a0f5af401d0ae11e802f9000c853ca4172b471dbc5b39425644818670a105d866b5275f0307b89b628a931595a388651dc85fcb738ba7786fb449f4aa6adfdafef9012ef16ac39b5687b83ca34a8ab4acd4fd992a10642a50362874b11fb711a2f1122b4099039fd3818ee64e5fdac7965ddfbc3ac535ce2b6b41711cea34e41b6177b47a524d4fd500fef3cbff21a233ee917b2192633a11f516a152bc1a8d04f3f354d562b52de7eedbe8bdbe6e3041059bf05926a2cd915dd3fd8d2872dcdef2e0204ee8cef9179c7cbb77fa277d554e115cc7373dbc6311e08eded0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000"], 0x690)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:20 executing program 3:

[  381.047297]  should_fail.cold.4+0xa/0x11
[  381.051380]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  381.056501]  ? save_stack+0xa9/0xd0
[  381.060143]  ? kasan_kmalloc+0xc4/0xe0
[  381.064035]  ? kasan_slab_alloc+0x12/0x20
[  381.068189]  ? kmem_cache_alloc+0x12e/0x760
[  381.072517]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  381.077365]  ? kvm_mmu_load+0x21/0x10e0
[  381.081344]  ? vcpu_enter_guest+0x3aa6/0x6090
[  381.086731]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  381.091759]  ? do_vfs_ioctl+0x1de/0x1720
10:17:20 executing program 3:

10:17:20 executing program 3:

[  381.096094]  ? ksys_ioctl+0xa9/0xd0
[  381.099727]  ? __x64_sys_ioctl+0x73/0xb0
[  381.103804]  ? do_syscall_64+0x1b9/0x820
[  381.107877]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  381.113254]  ? lock_acquire+0x1e4/0x540
[  381.117240]  ? percpu_ref_put_many+0x119/0x240
[  381.121839]  ? lock_downgrade+0x8f0/0x8f0
[  381.126006]  ? lock_acquire+0x1e4/0x540
[  381.129988]  ? fs_reclaim_acquire+0x20/0x20
[  381.134320]  ? lock_downgrade+0x8f0/0x8f0
[  381.138476]  ? lock_downgrade+0x8f0/0x8f0
[  381.142635]  ? check_same_owner+0x340/0x340
10:17:20 executing program 3:

10:17:20 executing program 7:

[  381.146965]  ? rcu_note_context_switch+0x730/0x730
[  381.152078]  ? kasan_unpoison_shadow+0x35/0x50
[  381.156668]  __should_failslab+0x124/0x180
[  381.160904]  should_failslab+0x9/0x14
[  381.164707]  kmem_cache_alloc+0x2af/0x760
[  381.168865]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  381.174242]  mmu_topup_memory_caches+0xf7/0x3a0
[  381.178924]  kvm_mmu_load+0x21/0x10e0
[  381.182825]  ? rcu_note_context_switch+0x730/0x730
[  381.187764]  ? filemap_map_pages+0xca2/0x1990
[  381.192269]  vcpu_enter_guest+0x3aa6/0x6090
10:17:20 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
r2 = dup3(r0, r1, 0x0)
sendto$unix(r2, &(0x7f0000000040)='3', 0x1, 0x10, 0x0, 0x0)

10:17:20 executing program 7:
io_setup(0x6, &(0x7f00000012c0)=<r0=>0x0)
io_getevents(r0, 0x2, 0x8f, &(0x7f0000d83f60)=[{}, {}], &(0x7f00005cfff0)={0x4000000000001, 0x7})
r1 = memfd_create(&(0x7f0000000240)="3a2b6c6f230060766fdc2e0738dd41c97e2706edd6b4b2218216a1c508f7f35f9d795cb6e36202dc87ae64a8d02058d8ff1909655030e13f3607b1a7dd209444fed0167fc2ce93f869", 0x0)
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x857, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_submit(r0, 0x1, &(0x7f0000001280)=[&(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)}])

10:17:20 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x87e00000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  381.196596]  ? kasan_check_write+0x14/0x20
[  381.200838]  ? __mutex_lock+0x6c4/0x1680
[  381.204912]  ? kvm_set_msr_common+0x26a0/0x26a0
[  381.209588]  ? lock_acquire+0x1e4/0x540
[  381.213568]  ? vmx_vcpu_load+0xadf/0xff0
[  381.217632]  ? trace_hardirqs_on+0x10/0x10
[  381.221875]  ? vmx_vcpu_reset+0x1040/0x1040
[  381.226203]  ? find_get_entries_tag+0x1410/0x1410
[  381.231064]  ? lock_acquire+0x1e4/0x540
[  381.235050]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  381.240073]  ? lock_release+0xa30/0xa30
10:17:20 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedcf, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  381.244053]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  381.249347]  ? kvm_arch_dev_ioctl+0x610/0x610
[  381.253848]  ? preempt_notifier_dec+0x20/0x20
[  381.258363]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  381.263214]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  381.268248]  kvm_vcpu_ioctl+0x7b8/0x1300
[  381.272334]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  381.278058]  ? lock_acquire+0x1e4/0x540
[  381.282036]  ? __fget+0x4ac/0x740
[  381.285500]  ? lock_downgrade+0x8f0/0x8f0
[  381.289657]  ? lock_release+0xa30/0xa30
[  381.293986]  ? pid_task+0x115/0x200
[  381.297805]  ? find_vpid+0xf0/0xf0
[  381.301362]  ? __f_unlock_pos+0x19/0x20
[  381.305347]  ? __fget+0x4d5/0x740
[  381.308808]  ? ksys_dup3+0x690/0x690
[  381.312534]  ? kasan_check_write+0x14/0x20
[  381.316790]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  381.321741]  ? fsnotify+0xbac/0x14e0
[  381.325468]  ? vfs_write+0x2f3/0x560
[  381.329189]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  381.334906]  do_vfs_ioctl+0x1de/0x1720
[  381.338797]  ? fsnotify_first_mark+0x350/0x350
[  381.343400]  ? __fsnotify_parent+0xcc/0x420
[  381.347811]  ? ioctl_preallocate+0x300/0x300
[  381.352218]  ? __fget_light+0x2f7/0x440
[  381.356194]  ? fget_raw+0x20/0x20
[  381.359651]  ? __sb_end_write+0xac/0xe0
[  381.363630]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  381.369170]  ? fput+0x130/0x1a0
[  381.372445]  ? ksys_write+0x1ae/0x260
[  381.376245]  ? security_file_ioctl+0x94/0xc0
[  381.380642]  ksys_ioctl+0xa9/0xd0
[  381.384085]  __x64_sys_ioctl+0x73/0xb0
[  381.387964]  do_syscall_64+0x1b9/0x820
[  381.391835]  ? finish_task_switch+0x1d3/0x870
[  381.396316]  ? syscall_return_slowpath+0x5e0/0x5e0
[  381.401231]  ? syscall_return_slowpath+0x31d/0x5e0
[  381.406150]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  381.411149]  ? prepare_exit_to_usermode+0x291/0x3b0
[  381.416158]  ? perf_trace_sys_enter+0xb10/0xb10
[  381.420826]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  381.425653]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  381.430830] RIP: 0033:0x455e29
10:17:20 executing program 4 (fault-call:11 fault-nth:28):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:20 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xc8ed0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  381.433999] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  381.453148] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  381.460842] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  381.468099] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  381.475357] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  381.482621] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  381.489885] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000001b
[  381.554745] FAULT_INJECTION: forcing a failure.
[  381.554745] name failslab, interval 1, probability 0, space 0, times 0
[  381.566054] CPU: 0 PID: 24121 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  381.574447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  381.583785] Call Trace:
[  381.586370]  dump_stack+0x1c9/0x2b4
[  381.589989]  ? dump_stack_print_info.cold.2+0x52/0x52
[  381.595169]  ? __kernel_text_address+0xd/0x40
[  381.599651]  ? unwind_get_return_address+0x61/0xa0
[  381.604575]  should_fail.cold.4+0xa/0x11
[  381.608621]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  381.613709]  ? save_stack+0xa9/0xd0
[  381.617322]  ? kasan_kmalloc+0xc4/0xe0
[  381.621191]  ? kasan_slab_alloc+0x12/0x20
[  381.625333]  ? kmem_cache_alloc+0x12e/0x760
[  381.629667]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  381.634517]  ? kvm_mmu_load+0x21/0x10e0
[  381.638477]  ? vcpu_enter_guest+0x3aa6/0x6090
[  381.642970]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  381.647991]  ? do_vfs_ioctl+0x1de/0x1720
[  381.652068]  ? ksys_ioctl+0xa9/0xd0
[  381.655695]  ? __x64_sys_ioctl+0x73/0xb0
[  381.659759]  ? do_syscall_64+0x1b9/0x820
[  381.663802]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  381.669152]  ? lock_acquire+0x1e4/0x540
[  381.673136]  ? percpu_ref_put_many+0x119/0x240
[  381.677722]  ? lock_downgrade+0x8f0/0x8f0
[  381.681867]  ? lock_acquire+0x1e4/0x540
[  381.685825]  ? fs_reclaim_acquire+0x20/0x20
[  381.690147]  ? lock_downgrade+0x8f0/0x8f0
[  381.694294]  ? check_same_owner+0x340/0x340
[  381.698620]  ? rcu_note_context_switch+0x730/0x730
[  381.703558]  ? kasan_unpoison_shadow+0x35/0x50
[  381.708130]  __should_failslab+0x124/0x180
[  381.712355]  should_failslab+0x9/0x14
[  381.716150]  kmem_cache_alloc+0x2af/0x760
[  381.720286]  ? kvm_clock_read+0x25/0x30
[  381.724252]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  381.729269]  ? ktime_get_with_offset+0x32e/0x4b0
[  381.734014]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  381.738856]  mmu_topup_memory_caches+0xf7/0x3a0
[  381.743521]  kvm_mmu_load+0x21/0x10e0
[  381.747660]  ? kasan_check_write+0x14/0x20
[  381.751888]  ? do_raw_spin_lock+0xc1/0x200
[  381.756108]  vcpu_enter_guest+0x3aa6/0x6090
[  381.760415]  ? kvm_set_msr_common+0x26a0/0x26a0
[  381.765069]  ? lock_acquire+0x1e4/0x540
[  381.769050]  ? vmx_vcpu_load+0xadf/0xff0
[  381.773099]  ? vmx_vcpu_reset+0x1040/0x1040
[  381.777427]  ? find_get_entries_tag+0x1410/0x1410
[  381.782267]  ? lock_acquire+0x1e4/0x540
[  381.786220]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  381.791222]  ? lock_release+0xa30/0xa30
[  381.795180]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  381.800439]  ? kvm_arch_dev_ioctl+0x610/0x610
[  381.804925]  ? preempt_notifier_dec+0x20/0x20
[  381.809410]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  381.814258]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  381.819266]  kvm_vcpu_ioctl+0x7b8/0x1300
[  381.823321]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  381.829043]  ? lock_acquire+0x1e4/0x540
[  381.832997]  ? __fget+0x4ac/0x740
[  381.836438]  ? lock_downgrade+0x8f0/0x8f0
[  381.840579]  ? lock_release+0xa30/0xa30
[  381.844539]  ? pid_task+0x115/0x200
[  381.848150]  ? find_vpid+0xf0/0xf0
[  381.851678]  ? __f_unlock_pos+0x19/0x20
[  381.855639]  ? __fget+0x4d5/0x740
[  381.859077]  ? ksys_dup3+0x690/0x690
[  381.862772]  ? kasan_check_write+0x14/0x20
[  381.867000]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  381.871920]  ? fsnotify+0xbac/0x14e0
[  381.875623]  ? vfs_write+0x2f3/0x560
[  381.879326]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  381.885038]  do_vfs_ioctl+0x1de/0x1720
[  381.888917]  ? fsnotify_first_mark+0x350/0x350
[  381.893484]  ? __fsnotify_parent+0xcc/0x420
[  381.897796]  ? ioctl_preallocate+0x300/0x300
[  381.902558]  ? __fget_light+0x2f7/0x440
[  381.906530]  ? fget_raw+0x20/0x20
[  381.909983]  ? __sb_end_write+0xac/0xe0
[  381.913957]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  381.919488]  ? fput+0x130/0x1a0
[  381.922774]  ? ksys_write+0x1ae/0x260
[  381.926586]  ? security_file_ioctl+0x94/0xc0
[  381.930999]  ksys_ioctl+0xa9/0xd0
[  381.934455]  __x64_sys_ioctl+0x73/0xb0
[  381.938349]  do_syscall_64+0x1b9/0x820
[  381.942239]  ? finish_task_switch+0x1d3/0x870
[  381.946739]  ? syscall_return_slowpath+0x5e0/0x5e0
[  381.951664]  ? syscall_return_slowpath+0x31d/0x5e0
[  381.956577]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  381.961577]  ? prepare_exit_to_usermode+0x291/0x3b0
[  381.966578]  ? perf_trace_sys_enter+0xb10/0xb10
[  381.971234]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  381.976059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  381.981231] RIP: 0033:0x455e29
[  381.984397] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
10:17:20 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(0xffffffffffffffff)

10:17:20 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
r2 = dup3(r0, r1, 0x0)
write$binfmt_elf32(r2, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20}, [{}]}, 0x58)

10:17:20 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
r2 = dup3(r0, r1, 0x0)
write$P9_RFSYNC(r2, &(0x7f0000000040)={0x7, 0x33}, 0x7)

10:17:20 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd1ed0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:20 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xf0ffffff0f0000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:20 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)
setsockopt$IP_VS_SO_SET_DELDEST(r2, 0x0, 0x488, &(0x7f0000000100)={{0xff, @multicast1=0xe0000001, 0x4e22, 0x3, 'none\x00', 0x2, 0x431, 0x2f}, {@rand_addr=0x6, 0x4e23, 0x0, 0x4, 0x5, 0x5}}, 0x44)

[  382.003792] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  382.011489] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  382.018745] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  382.025999] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  382.033265] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  382.040536] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000001c
10:17:21 executing program 3:

10:17:21 executing program 2:

10:17:21 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x7, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:21 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18)
close(r0)

10:17:21 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
r2 = dup3(r0, r1, 0x0)
setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000040), 0x4)

10:17:21 executing program 7 (fault-call:9 fault-nth:0):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:21 executing program 4 (fault-call:11 fault-nth:29):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10:17:21 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x6, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:21 executing program 2 (fault-call:11 fault-nth:0):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:21 executing program 3 (fault-call:11 fault-nth:0):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  382.355552] FAULT_INJECTION: forcing a failure.
[  382.355552] name failslab, interval 1, probability 0, space 0, times 0
[  382.361154] FAULT_INJECTION: forcing a failure.
[  382.361154] name failslab, interval 1, probability 0, space 0, times 0
[  382.366858] CPU: 0 PID: 24181 Comm: syz-executor7 Not tainted 4.18.0-rc3-next-20180709+ #2
[  382.386427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  382.395787] Call Trace:
[  382.398381]  dump_stack+0x1c9/0x2b4
[  382.402004]  ? dump_stack_print_info.cold.2+0x52/0x52
[  382.407188]  ? __check_object_size+0x9d/0x5f2
[  382.411676]  should_fail.cold.4+0xa/0x11
[  382.415729]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  382.420820]  ? lock_downgrade+0x8f0/0x8f0
[  382.424960]  ? lock_release+0xa30/0xa30
[  382.428928]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  382.434456]  ? pid_task+0x115/0x200
[  382.438071]  ? find_vpid+0xf0/0xf0
[  382.441604]  ? __f_unlock_pos+0x19/0x20
[  382.445570]  ? lock_downgrade+0x8f0/0x8f0
[  382.449720]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  382.455248]  ? lock_acquire+0x1e4/0x540
[  382.459210]  ? fs_reclaim_acquire+0x20/0x20
[  382.463518]  ? lock_downgrade+0x8f0/0x8f0
[  382.467654]  ? check_same_owner+0x340/0x340
[  382.471973]  ? vfs_write+0x2f3/0x560
[  382.475675]  ? rcu_note_context_switch+0x730/0x730
[  382.480603]  ? wait_for_completion+0x8d0/0x8d0
[  382.485176]  ? lock_release+0xa30/0xa30
[  382.489138]  __should_failslab+0x124/0x180
[  382.493363]  should_failslab+0x9/0x14
[  382.497151]  kmem_cache_alloc+0x2af/0x760
[  382.501299]  getname_flags+0xd0/0x5a0
[  382.505523]  getname+0x19/0x20
[  382.508703]  do_sys_open+0x3a2/0x720
[  382.512403]  ? filp_open+0x80/0x80
[  382.515932]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  382.521471]  __x64_sys_open+0x7e/0xc0
[  382.525266]  do_syscall_64+0x1b9/0x820
[  382.529229]  ? syscall_slow_exit_work+0x500/0x500
[  382.534061]  ? syscall_return_slowpath+0x5e0/0x5e0
[  382.538980]  ? syscall_return_slowpath+0x31d/0x5e0
[  382.543899]  ? prepare_exit_to_usermode+0x291/0x3b0
[  382.548901]  ? perf_trace_sys_enter+0xb10/0xb10
[  382.553563]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  382.558397]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  382.563602] RIP: 0033:0x410081
[  382.566870] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 
[  382.586080] RSP: 002b:00007fc453c227a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  382.593776] RAX: ffffffffffffffda RBX: cccccccccccccccd RCX: 0000000000410081
[  382.601031] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fc453c22850
[  382.608285] RBP: 000000000072bea0 R08: 000000000000000f R09: 0000000000000000
[  382.615544] R10: 0000000020000100 R11: 0000000000000293 R12: 0000000000000015
[  382.622802] R13: 00000000004c289a R14: 00000000004d41c8 R15: 0000000000000000
[  382.630081] CPU: 1 PID: 24171 Comm: syz-executor4 Not tainted 4.18.0-rc3-next-20180709+ #2
[  382.638485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  382.647831] Call Trace:
[  382.650430]  dump_stack+0x1c9/0x2b4
[  382.654065]  ? dump_stack_print_info.cold.2+0x52/0x52
[  382.659263]  ? __kernel_text_address+0xd/0x40
[  382.663761]  ? unwind_get_return_address+0x61/0xa0
[  382.668698]  should_fail.cold.4+0xa/0x11
[  382.672762]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  382.677868]  ? save_stack+0xa9/0xd0
[  382.681499]  ? kasan_kmalloc+0xc4/0xe0
[  382.685386]  ? kasan_slab_alloc+0x12/0x20
[  382.689526]  ? kmem_cache_alloc+0x12e/0x760
[  382.693829]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  382.698667]  ? kvm_mmu_load+0x21/0x10e0
[  382.702630]  ? vcpu_enter_guest+0x3aa6/0x6090
[  382.707116]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  382.712120]  ? do_vfs_ioctl+0x1de/0x1720
[  382.716170]  ? ksys_ioctl+0xa9/0xd0
[  382.719788]  ? __x64_sys_ioctl+0x73/0xb0
[  382.723841]  ? do_syscall_64+0x1b9/0x820
[  382.727891]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  382.733251]  ? lock_acquire+0x1e4/0x540
[  382.737224]  ? percpu_ref_put_many+0x119/0x240
[  382.741791]  ? lock_downgrade+0x8f0/0x8f0
[  382.745934]  ? lock_acquire+0x1e4/0x540
[  382.749894]  ? fs_reclaim_acquire+0x20/0x20
[  382.754199]  ? lock_downgrade+0x8f0/0x8f0
[  382.758331]  ? check_same_owner+0x340/0x340
[  382.762641]  ? rcu_note_context_switch+0x730/0x730
[  382.767567]  ? kasan_unpoison_shadow+0x35/0x50
[  382.772145]  __should_failslab+0x124/0x180
[  382.776363]  should_failslab+0x9/0x14
[  382.780153]  kmem_cache_alloc+0x2af/0x760
[  382.784303]  ? kasan_check_write+0x14/0x20
[  382.788522]  ? mmu_topup_memory_caches+0xf7/0x3a0
[  382.793357]  mmu_topup_memory_caches+0xf7/0x3a0
[  382.798028]  kvm_mmu_load+0x21/0x10e0
[  382.801815]  ? rcu_note_context_switch+0x730/0x730
[  382.806737]  ? filemap_map_pages+0xca2/0x1990
[  382.811215]  vcpu_enter_guest+0x3aa6/0x6090
[  382.815520]  ? kasan_check_write+0x14/0x20
[  382.819739]  ? __mutex_lock+0x6c4/0x1680
[  382.823808]  ? kvm_set_msr_common+0x26a0/0x26a0
[  382.828466]  ? lock_acquire+0x1e4/0x540
[  382.832424]  ? vmx_vcpu_load+0xadf/0xff0
[  382.836472]  ? trace_hardirqs_on+0x10/0x10
[  382.840689]  ? vmx_vcpu_reset+0x1040/0x1040
[  382.844995]  ? find_get_entries_tag+0x1410/0x1410
[  382.849837]  ? lock_acquire+0x1e4/0x540
[  382.853841]  ? kvm_arch_vcpu_ioctl_run+0x234/0x1690
[  382.858850]  ? lock_release+0xa30/0xa30
[  382.862809]  ? kvm_arch_vcpu_ioctl_set_fpu+0x340/0x340
[  382.868070]  ? kvm_arch_dev_ioctl+0x610/0x610
[  382.872551]  ? preempt_notifier_dec+0x20/0x20
[  382.877049]  kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  382.881893]  ? kvm_arch_vcpu_ioctl_run+0x33e/0x1690
[  382.886902]  kvm_vcpu_ioctl+0x7b8/0x1300
[  382.890953]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  382.896662]  ? lock_acquire+0x1e4/0x540
[  382.900623]  ? __fget+0x4ac/0x740
[  382.904068]  ? lock_downgrade+0x8f0/0x8f0
[  382.908216]  ? lock_release+0xa30/0xa30
[  382.912188]  ? pid_task+0x115/0x200
[  382.915808]  ? find_vpid+0xf0/0xf0
[  382.919339]  ? __f_unlock_pos+0x19/0x20
[  382.923315]  ? __fget+0x4d5/0x740
[  382.926769]  ? ksys_dup3+0x690/0x690
[  382.930479]  ? kasan_check_write+0x14/0x20
[  382.934710]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  382.939641]  ? fsnotify+0xbac/0x14e0
[  382.943369]  ? vfs_write+0x2f3/0x560
[  382.947088]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  382.952801]  do_vfs_ioctl+0x1de/0x1720
[  382.956689]  ? fsnotify_first_mark+0x350/0x350
[  382.961267]  ? __fsnotify_parent+0xcc/0x420
[  382.965591]  ? ioctl_preallocate+0x300/0x300
[  382.969999]  ? __fget_light+0x2f7/0x440
[  382.973972]  ? fget_raw+0x20/0x20
[  382.977448]  ? __sb_end_write+0xac/0xe0
[  382.981427]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  382.986959]  ? fput+0x130/0x1a0
[  382.990233]  ? ksys_write+0x1ae/0x260
[  382.994040]  ? security_file_ioctl+0x94/0xc0
[  382.998447]  ksys_ioctl+0xa9/0xd0
[  383.001884]  __x64_sys_ioctl+0x73/0xb0
[  383.005757]  do_syscall_64+0x1b9/0x820
[  383.009667]  ? finish_task_switch+0x1d3/0x870
[  383.014146]  ? syscall_return_slowpath+0x5e0/0x5e0
[  383.019070]  ? syscall_return_slowpath+0x31d/0x5e0
[  383.023992]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  383.029002]  ? prepare_exit_to_usermode+0x291/0x3b0
[  383.034016]  ? perf_trace_sys_enter+0xb10/0xb10
[  383.038688]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  383.043537]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  383.048724] RIP: 0033:0x455e29
[  383.051913] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  383.071174] RSP: 002b:00007f7315028c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  383.078891] RAX: ffffffffffffffda RBX: 00007f73150296d4 RCX: 0000000000455e29
[  383.086785] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
[  383.094058] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  383.101326] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
10:17:21 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
pwrite64(r0, &(0x7f0000000100)="7eb1f327eb3c7d58823d350973d4a90d43a482609b7a1e8d2917d8dcc736eb88184c0d7a8d6558fa1faacd2caa5684745abec119329232b4dea9e7cf2deb8fb20d9f71ae32a23bf057d290d1daeb04f477eff711b588b2378d09111f4713f852f1a0b78cea59a0280bbbb49262fe263a3c7bb50f8856571422389ad441087424d3034bce7dd72b6fbd1b313874d1bf5eb45b28051b59ff93f54153da6562f1b87afba2e690d72af3d636904801812deb94273da17e4ca0130daafcf595db700c81a3712e", 0xc4, 0x0)
lseek(r2, 0x0, 0x1)
setsockopt$inet6_dccp_int(r2, 0x21, 0x5, &(0x7f0000000040)=0x3f, 0x4)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:21 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x6f09000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:21 executing program 7 (fault-call:9 fault-nth:1):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:21 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x200000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xc0ed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:22 executing program 0 (fault-call:11 fault-nth:0):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  383.108591] R13: 00000000004be063 R14: 00000000004cc8f0 R15: 000000000000001d
[  383.128542] FAULT_INJECTION: forcing a failure.
[  383.128542] name failslab, interval 1, probability 0, space 0, times 0
[  383.139856] CPU: 1 PID: 24203 Comm: syz-executor7 Not tainted 4.18.0-rc3-next-20180709+ #2
[  383.148282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  383.157641] Call Trace:
[  383.160239]  dump_stack+0x1c9/0x2b4
[  383.163880]  ? dump_stack_print_info.cold.2+0x52/0x52
[  383.169084]  should_fail.cold.4+0xa/0x11
[  383.173134]  ? check_pgprot+0xdf/0x180
[  383.177013]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  383.182131]  ? do_raw_spin_lock+0xc1/0x200
[  383.186359]  ? alloc_set_pte+0xaf6/0x1790
[  383.190499]  ? trace_hardirqs_on+0x10/0x10
[  383.194736]  ? trace_hardirqs_on+0x10/0x10
[  383.198959]  ? lock_acquire+0x1e4/0x540
[  383.202920]  ? fs_reclaim_acquire+0x20/0x20
[  383.207226]  ? lock_downgrade+0x8f0/0x8f0
[  383.211361]  ? trace_hardirqs_on+0x10/0x10
[  383.215585]  ? check_same_owner+0x340/0x340
[  383.219896]  ? rcu_note_context_switch+0x730/0x730
[  383.224832]  __should_failslab+0x124/0x180
[  383.229057]  should_failslab+0x9/0x14
[  383.232851]  kmem_cache_alloc+0x2af/0x760
[  383.236986]  ? trace_hardirqs_on+0x10/0x10
[  383.241220]  __get_empty_filp+0x11b/0x620
[  383.245350]  ? proc_nr_files+0x60/0x60
[  383.249221]  ? trace_hardirqs_on+0x10/0x10
[  383.253457]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  383.258463]  ? bpf_prog_kallsyms_find+0xde/0x4c0
[  383.263206]  ? lock_acquire+0x1e4/0x540
[  383.267161]  ? is_bpf_text_address+0xae/0x170
[  383.271641]  ? lock_downgrade+0x8f0/0x8f0
[  383.275773]  path_openat+0x13f/0x5620
[  383.279562]  ? kasan_check_read+0x11/0x20
[  383.283695]  ? rcu_is_watching+0x8c/0x150
[  383.287830]  ? rcu_cleanup_dead_rnp+0x200/0x200
[  383.292505]  ? is_bpf_text_address+0xd7/0x170
[  383.296986]  ? path_lookupat.isra.45+0xbf0/0xbf0
[  383.301729]  ? kernel_text_address+0x79/0xf0
[  383.306124]  ? __kernel_text_address+0xd/0x40
[  383.310610]  ? unwind_get_return_address+0x61/0xa0
[  383.315528]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  383.320530]  ? expand_files.part.8+0x571/0x9c0
[  383.325096]  ? iterate_fd+0x4b0/0x4b0
[  383.328890]  ? lock_acquire+0x1e4/0x540
[  383.332846]  ? __alloc_fd+0x34e/0x710
[  383.336634]  ? lock_downgrade+0x8f0/0x8f0
[  383.340767]  ? do_sys_open+0x3a2/0x720
[  383.344642]  ? kasan_check_read+0x11/0x20
[  383.348774]  ? do_raw_spin_unlock+0xa7/0x2f0
[  383.353178]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  383.357745]  ? kasan_check_write+0x14/0x20
[  383.361962]  ? do_raw_spin_lock+0xc1/0x200
[  383.366184]  ? _raw_spin_unlock+0x22/0x30
[  383.370313]  ? __alloc_fd+0x34e/0x710
[  383.374099]  ? usercopy_warn+0x120/0x120
[  383.378152]  do_filp_open+0x255/0x380
[  383.381944]  ? may_open_dev+0x100/0x100
[  383.385908]  ? get_unused_fd_flags+0x122/0x1a0
[  383.390474]  ? __alloc_fd+0x710/0x710
[  383.394263]  do_sys_open+0x584/0x720
[  383.397959]  ? filp_open+0x80/0x80
[  383.401483]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  383.407022]  __x64_sys_open+0x7e/0xc0
[  383.410813]  do_syscall_64+0x1b9/0x820
[  383.414681]  ? finish_task_switch+0x1d3/0x870
[  383.419163]  ? syscall_return_slowpath+0x5e0/0x5e0
[  383.424078]  ? syscall_return_slowpath+0x31d/0x5e0
[  383.428994]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  383.433999]  ? prepare_exit_to_usermode+0x291/0x3b0
[  383.439004]  ? perf_trace_sys_enter+0xb10/0xb10
[  383.443660]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  383.448489]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  383.453664] RIP: 0033:0x410081
[  383.456835] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 
[  383.476015] RSP: 002b:00007fc453c227a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  383.483710] RAX: ffffffffffffffda RBX: cccccccccccccccd RCX: 0000000000410081
[  383.490964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fc453c22850
[  383.498216] RBP: 000000000072bea0 R08: 000000000000000f R09: 0000000000000000
10:17:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd3ed0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:22 executing program 7 (fault-call:9 fault-nth:2):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedc2, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  383.505469] R10: 0000000020000100 R11: 0000000000000293 R12: 0000000000000015
[  383.512721] R13: 00000000004c289a R14: 00000000004d41c8 R15: 0000000000000001
10:17:22 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[  383.580606] FAULT_INJECTION: forcing a failure.
[  383.580606] name failslab, interval 1, probability 0, space 0, times 0
[  383.591917] CPU: 0 PID: 24218 Comm: syz-executor7 Not tainted 4.18.0-rc3-next-20180709+ #2
[  383.600327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  383.609680] Call Trace:
[  383.612283]  dump_stack+0x1c9/0x2b4
[  383.615927]  ? dump_stack_print_info.cold.2+0x52/0x52
[  383.621136]  should_fail.cold.4+0xa/0x11
[  383.625203]  ? check_pgprot+0xdf/0x180
10:17:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd2ed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:22 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:22 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  383.629103]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  383.634210]  ? do_raw_spin_lock+0xc1/0x200
[  383.638456]  ? alloc_set_pte+0xaf6/0x1790
[  383.642620]  ? trace_hardirqs_on+0x10/0x10
[  383.646862]  ? trace_hardirqs_on+0x10/0x10
[  383.651111]  ? lock_acquire+0x1e4/0x540
[  383.655101]  ? fs_reclaim_acquire+0x20/0x20
[  383.659429]  ? lock_downgrade+0x8f0/0x8f0
[  383.663584]  ? trace_hardirqs_on+0x10/0x10
[  383.667830]  ? check_same_owner+0x340/0x340
[  383.672164]  ? rcu_note_context_switch+0x730/0x730
10:17:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x68, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  383.677109]  __should_failslab+0x124/0x180
[  383.681350]  should_failslab+0x9/0x14
[  383.685179]  kmem_cache_alloc+0x2af/0x760
[  383.689345]  ? trace_hardirqs_on+0x10/0x10
[  383.693592]  __get_empty_filp+0x11b/0x620
[  383.697748]  ? proc_nr_files+0x60/0x60
[  383.701646]  ? trace_hardirqs_on+0x10/0x10
[  383.705889]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  383.710912]  ? bpf_prog_kallsyms_find+0xde/0x4c0
[  383.715680]  ? lock_acquire+0x1e4/0x540
[  383.719662]  ? is_bpf_text_address+0xae/0x170
[  383.724167]  ? lock_downgrade+0x8f0/0x8f0
10:17:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedc0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd0ed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  383.728329]  path_openat+0x13f/0x5620
[  383.732142]  ? kasan_check_read+0x11/0x20
[  383.736312]  ? rcu_is_watching+0x8c/0x150
[  383.740476]  ? rcu_cleanup_dead_rnp+0x200/0x200
[  383.745156]  ? is_bpf_text_address+0xd7/0x170
[  383.749661]  ? path_lookupat.isra.45+0xbf0/0xbf0
[  383.754422]  ? kernel_text_address+0x79/0xf0
[  383.758842]  ? __kernel_text_address+0xd/0x40
[  383.763341]  ? unwind_get_return_address+0x61/0xa0
[  383.768275]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  383.773311]  ? expand_files.part.8+0x571/0x9c0
[  383.777895]  ? iterate_fd+0x4b0/0x4b0
[  383.781702]  ? lock_acquire+0x1e4/0x540
[  383.785674]  ? __alloc_fd+0x34e/0x710
[  383.789477]  ? lock_downgrade+0x8f0/0x8f0
[  383.793622]  ? do_sys_open+0x3a2/0x720
[  383.797518]  ? kasan_check_read+0x11/0x20
[  383.801672]  ? do_raw_spin_unlock+0xa7/0x2f0
[  383.806092]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  383.810682]  ? kasan_check_write+0x14/0x20
[  383.814917]  ? do_raw_spin_lock+0xc1/0x200
[  383.819150]  ? _raw_spin_unlock+0x22/0x30
[  383.823324]  ? __alloc_fd+0x34e/0x710
[  383.827143]  ? usercopy_warn+0x120/0x120
[  383.831213]  do_filp_open+0x255/0x380
[  383.835013]  ? may_open_dev+0x100/0x100
[  383.839008]  ? get_unused_fd_flags+0x122/0x1a0
[  383.843592]  ? __alloc_fd+0x710/0x710
[  383.847395]  do_sys_open+0x584/0x720
[  383.851112]  ? filp_open+0x80/0x80
[  383.854653]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  383.860227]  __x64_sys_open+0x7e/0xc0
[  383.864026]  do_syscall_64+0x1b9/0x820
[  383.867918]  ? finish_task_switch+0x1d3/0x870
[  383.872400]  ? syscall_return_slowpath+0x5e0/0x5e0
[  383.877313]  ? syscall_return_slowpath+0x31d/0x5e0
[  383.882236]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  383.887236]  ? prepare_exit_to_usermode+0x291/0x3b0
[  383.892236]  ? perf_trace_sys_enter+0xb10/0xb10
[  383.896896]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  383.901726]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  383.906895] RIP: 0033:0x410081
[  383.910065] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 
[  383.929237] RSP: 002b:00007fc453c227a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  383.936928] RAX: ffffffffffffffda RBX: cccccccccccccccd RCX: 0000000000410081
[  383.944184] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fc453c22850
[  383.951443] RBP: 000000000072bea0 R08: 000000000000000f R09: 0000000000000000
[  383.958695] R10: 0000000020000100 R11: 0000000000000293 R12: 0000000000000015
[  383.965950] R13: 00000000004c289a R14: 00000000004d41c8 R15: 0000000000000002
10:17:23 executing program 7 (fault-call:9 fault-nth:3):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:23 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xcbed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:23 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x1000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:23 executing program 6:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl$fiemap(r0, 0xc020660b, &(0x7f0000000180)=ANY=[@ANYBLOB="f900000000000000fffffeffffffffffdb00000144f8ffff01000000000000004002000000000000400009000000000005000000000000000000080000000000000500000000000000003e78f9d3b510d63d61d7b607b22fb8d60becdeaad54b8989604bc96e927723fae605adacc40000000000000000000000000000"])
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r2)

10:17:23 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xc018ae85, 0x0)

[  384.123844] FAULT_INJECTION: forcing a failure.
[  384.123844] name failslab, interval 1, probability 0, space 0, times 0
[  384.135168] CPU: 0 PID: 24257 Comm: syz-executor7 Not tainted 4.18.0-rc3-next-20180709+ #2
[  384.144017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  384.153379] Call Trace:
[  384.155969]  dump_stack+0x1c9/0x2b4
[  384.159585]  ? dump_stack_print_info.cold.2+0x52/0x52
[  384.164760]  ? lock_release+0xa30/0xa30
[  384.168724]  should_fail.cold.4+0xa/0x11
[  384.172773]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  384.177874]  ? kasan_check_write+0x14/0x20
[  384.182104]  ? nbd_open+0x277/0x480
[  384.185715]  ? trace_hardirqs_on+0x10/0x10
[  384.189935]  ? mutex_trylock+0x2b0/0x2b0
[  384.193990]  ? kasan_check_write+0x14/0x20
[  384.198211]  ? __mutex_lock+0x6c4/0x1680
[  384.202257]  ? __blkdev_get+0x19b/0x13c0
[  384.206300]  ? trace_hardirqs_on+0x10/0x10
[  384.210519]  ? mutex_trylock+0x2b0/0x2b0
[  384.214564]  ? lookup_fast+0x429/0x12a0
[  384.218520]  ? lock_downgrade+0x8f0/0x8f0
[  384.222670]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  384.228200]  ? check_same_owner+0x340/0x340
[  384.232510]  ? rcu_note_context_switch+0x730/0x730
[  384.237429]  __should_failslab+0x124/0x180
[  384.241650]  should_failslab+0x9/0x14
[  384.245434]  kmem_cache_alloc_trace+0x2cb/0x780
[  384.250105]  ? lock_release+0xa30/0xa30
[  384.255031]  nbd_alloc_config+0xaf/0x280
[  384.259082]  ? nbd_dead_link_work+0x380/0x380
[  384.263562]  ? disk_get_part+0xcf/0x190
[  384.267524]  ? lock_downgrade+0x8f0/0x8f0
[  384.271662]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  384.277187]  nbd_open+0x2a7/0x480
[  384.280626]  ? nbd_alloc_config+0x280/0x280
[  384.284950]  ? kobject_get+0x6b/0xc0
[  384.288658]  ? nbd_alloc_config+0x280/0x280
[  384.292966]  __blkdev_get+0x360/0x13c0
[  384.296841]  ? blkdev_get_block+0xc0/0xc0
[  384.300972]  blkdev_get+0xc1/0xb50
[  384.304496]  ? bdget+0x5d0/0x5d0
[  384.307845]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  384.312411]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  384.317929]  ? errseq_sample+0xe5/0x130
[  384.321897]  ? _copy_to_user+0x110/0x110
[  384.325943]  ? _raw_spin_unlock+0x22/0x30
[  384.330073]  blkdev_open+0x1fb/0x280
[  384.333772]  do_dentry_open+0xa7d/0x11c0
[  384.337814]  ? bd_acquire+0x2c0/0x2c0
[  384.341600]  ? chown_common+0x730/0x730
[  384.345565]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  384.351093]  ? security_inode_permission+0xd2/0x100
[  384.356149]  ? inode_permission+0xb2/0x560
[  384.360366]  vfs_open+0xa8/0xe0
[  384.363627]  path_openat+0x1930/0x5620
[  384.367497]  ? kasan_check_read+0x11/0x20
[  384.371728]  ? rcu_is_watching+0x8c/0x150
[  384.375861]  ? path_lookupat.isra.45+0xbf0/0xbf0
[  384.380599]  ? kernel_text_address+0x79/0xf0
[  384.384996]  ? __kernel_text_address+0xd/0x40
[  384.389484]  ? unwind_get_return_address+0x61/0xa0
[  384.394398]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  384.399397]  ? expand_files.part.8+0x571/0x9c0
[  384.403959]  ? iterate_fd+0x4b0/0x4b0
[  384.407752]  ? lock_acquire+0x1e4/0x540
[  384.411711]  ? __alloc_fd+0x34e/0x710
[  384.415494]  ? lock_downgrade+0x8f0/0x8f0
[  384.419630]  ? do_sys_open+0x3a2/0x720
[  384.423511]  ? kasan_check_read+0x11/0x20
[  384.427660]  ? do_raw_spin_unlock+0xa7/0x2f0
[  384.432063]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  384.436636]  ? kasan_check_write+0x14/0x20
[  384.440853]  ? do_raw_spin_lock+0xc1/0x200
[  384.445080]  ? _raw_spin_unlock+0x22/0x30
[  384.449212]  ? __alloc_fd+0x34e/0x710
[  384.452996]  ? usercopy_warn+0x120/0x120
[  384.457057]  do_filp_open+0x255/0x380
[  384.460856]  ? may_open_dev+0x100/0x100
[  384.464824]  ? get_unused_fd_flags+0x122/0x1a0
[  384.469397]  ? __alloc_fd+0x710/0x710
[  384.473186]  do_sys_open+0x584/0x720
[  384.476882]  ? filp_open+0x80/0x80
[  384.480418]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  384.485950]  __x64_sys_open+0x7e/0xc0
[  384.489745]  do_syscall_64+0x1b9/0x820
[  384.493613]  ? finish_task_switch+0x1d3/0x870
[  384.498094]  ? syscall_return_slowpath+0x5e0/0x5e0
[  384.503017]  ? syscall_return_slowpath+0x31d/0x5e0
[  384.507932]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  384.512932]  ? prepare_exit_to_usermode+0x291/0x3b0
[  384.517929]  ? perf_trace_sys_enter+0xb10/0xb10
[  384.522582]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  384.527409]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  384.532582] RIP: 0033:0x410081
[  384.535761] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 
[  384.554927] RSP: 002b:00007fc453c227a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  384.562634] RAX: ffffffffffffffda RBX: cccccccccccccccd RCX: 0000000000410081
[  384.570323] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fc453c22850
[  384.577575] RBP: 000000000072bea0 R08: 000000000000000f R09: 0000000000000000
[  384.584828] R10: 0000000020000100 R11: 0000000000000293 R12: 0000000000000015
[  384.592080] R13: 00000000004c289a R14: 00000000004d41c8 R15: 0000000000000003
10:17:23 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:23 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x5421, 0x0)

10:17:23 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:23 executing program 7 (fault-call:9 fault-nth:4):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:23 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xbbed0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:23 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

[  384.744733] FAULT_INJECTION: forcing a failure.
[  384.744733] name failslab, interval 1, probability 0, space 0, times 0
[  384.756089] CPU: 0 PID: 24283 Comm: syz-executor7 Not tainted 4.18.0-rc3-next-20180709+ #2
[  384.764494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  384.773854] Call Trace:
[  384.776446]  dump_stack+0x1c9/0x2b4
[  384.780065]  ? dump_stack_print_info.cold.2+0x52/0x52
[  384.785244]  ? check_same_owner+0x340/0x340
[  384.789551]  ? mutex_trylock+0x2b0/0x2b0
[  384.793598]  should_fail.cold.4+0xa/0x11
[  384.798005]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  384.803099]  ? kasan_check_write+0x14/0x20
[  384.807324]  ? __mutex_lock+0x6c4/0x1680
[  384.811380]  ? lock_downgrade+0x8f0/0x8f0
[  384.815511]  ? kasan_check_read+0x11/0x20
[  384.819638]  ? device_del+0x434/0xb70
[  384.823423]  ? mutex_trylock+0x2b0/0x2b0
[  384.827464]  ? lock_acquire+0x1e4/0x540
[  384.831420]  ? lock_downgrade+0x8f0/0x8f0
[  384.835558]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  384.840470]  ? lock_acquire+0x1e4/0x540
[  384.844435]  ? fs_reclaim_acquire+0x20/0x20
[  384.848740]  ? lock_downgrade+0x8f0/0x8f0
[  384.852882]  ? check_same_owner+0x340/0x340
[  384.857188]  ? kasan_check_read+0x11/0x20
[  384.861319]  ? do_raw_spin_unlock+0xa7/0x2f0
[  384.865713]  ? rcu_note_context_switch+0x730/0x730
[  384.870631]  __should_failslab+0x124/0x180
[  384.874849]  should_failslab+0x9/0x14
[  384.878632]  kmem_cache_alloc_trace+0x2cb/0x780
[  384.883283]  ? device_pm_check_callbacks+0x116/0x3f0
[  384.888370]  ? device_create_file+0x1e0/0x1e0
[  384.892849]  kobject_uevent_env+0x20f/0x1110
[  384.897237]  ? sysfs_remove_group+0xf6/0x1b0
[  384.901630]  kobject_uevent+0x1f/0x30
[  384.905415]  device_del+0x6c9/0xb70
[  384.909026]  ? __device_links_no_driver+0x330/0x330
[  384.914027]  ? kfree_const+0x47/0x70
[  384.921576]  ? kobject_get_path+0x1a0/0x1a0
[  384.925879]  ? kobject_put+0x8e/0x280
[  384.929665]  delete_partition+0x233/0x2c0
[  384.933808]  ? bio_devname+0x90/0x90
[  384.937504]  ? disk_part_iter_init+0x2c4/0x4d0
[  384.942071]  ? put_disk_and_module+0x90/0x90
[  384.946476]  drop_partitions.isra.13+0x199/0x200
[  384.951229]  ? delete_partition+0x2c0/0x2c0
[  384.955540]  rescan_partitions+0x75/0x910
[  384.959677]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  384.965198]  ? bd_set_size+0x219/0x370
[  384.969068]  __blkdev_get+0xb7c/0x13c0
[  384.972954]  ? blkdev_get_block+0xc0/0xc0
[  384.977095]  blkdev_get+0xc1/0xb50
[  384.980629]  ? bdget+0x5d0/0x5d0
[  384.984070]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  384.988637]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  384.994156]  ? errseq_sample+0xe5/0x130
[  384.998114]  ? _copy_to_user+0x110/0x110
[  385.002160]  ? _raw_spin_unlock+0x22/0x30
[  385.006304]  blkdev_open+0x1fb/0x280
[  385.010004]  do_dentry_open+0xa7d/0x11c0
[  385.014053]  ? bd_acquire+0x2c0/0x2c0
[  385.017853]  ? chown_common+0x730/0x730
[  385.021821]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  385.027344]  ? security_inode_permission+0xd2/0x100
[  385.032347]  ? inode_permission+0xb2/0x560
[  385.036567]  vfs_open+0xa8/0xe0
[  385.039832]  path_openat+0x1930/0x5620
[  385.043705]  ? kasan_check_read+0x11/0x20
[  385.047835]  ? rcu_is_watching+0x8c/0x150
[  385.051976]  ? path_lookupat.isra.45+0xbf0/0xbf0
[  385.056716]  ? kernel_text_address+0x79/0xf0
[  385.061120]  ? __kernel_text_address+0xd/0x40
[  385.065609]  ? unwind_get_return_address+0x61/0xa0
[  385.070526]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  385.075523]  ? expand_files.part.8+0x571/0x9c0
[  385.080087]  ? iterate_fd+0x4b0/0x4b0
[  385.083873]  ? lock_acquire+0x1e4/0x540
[  385.087850]  ? __alloc_fd+0x34e/0x710
[  385.091640]  ? lock_downgrade+0x8f0/0x8f0
[  385.095774]  ? do_sys_open+0x3a2/0x720
[  385.099665]  ? kasan_check_read+0x11/0x20
[  385.103798]  ? do_raw_spin_unlock+0xa7/0x2f0
[  385.108203]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  385.112772]  ? kasan_check_write+0x14/0x20
[  385.116992]  ? do_raw_spin_lock+0xc1/0x200
[  385.121214]  ? _raw_spin_unlock+0x22/0x30
[  385.125347]  ? __alloc_fd+0x34e/0x710
[  385.129144]  ? usercopy_warn+0x120/0x120
[  385.133195]  do_filp_open+0x255/0x380
[  385.136982]  ? may_open_dev+0x100/0x100
[  385.140950]  ? get_unused_fd_flags+0x122/0x1a0
[  385.145527]  ? __alloc_fd+0x710/0x710
[  385.149416]  do_sys_open+0x584/0x720
[  385.153294]  ? filp_open+0x80/0x80
[  385.156818]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  385.162342]  __x64_sys_open+0x7e/0xc0
[  385.166132]  do_syscall_64+0x1b9/0x820
[  385.170005]  ? syscall_slow_exit_work+0x500/0x500
[  385.174845]  ? syscall_return_slowpath+0x5e0/0x5e0
[  385.179769]  ? syscall_return_slowpath+0x31d/0x5e0
[  385.184697]  ? prepare_exit_to_usermode+0x291/0x3b0
[  385.189697]  ? perf_trace_sys_enter+0xb10/0xb10
[  385.194351]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  385.199442]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  385.204616] RIP: 0033:0x410081
[  385.207785] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 
[  385.226959] RSP: 002b:00007fc453c227a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  385.234737] RAX: ffffffffffffffda RBX: cccccccccccccccd RCX: 0000000000410081
10:17:24 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x3, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  385.241992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fc453c22850
[  385.249258] RBP: 000000000072bea0 R08: 000000000000000f R09: 0000000000000000
[  385.256529] R10: 0000000020000100 R11: 0000000000000293 R12: 0000000000000015
[  385.263782] R13: 00000000004c289a R14: 00000000004d41c8 R15: 0000000000000004
[  385.281055] BUG: sleeping function called from invalid context at mm/slab.h:421
[  385.288577] in_atomic(): 1, irqs_disabled(): 0, pid: 24283, name: syz-executor7
10:17:24 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x4000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  385.296078] INFO: lockdep is turned off.
[  385.300179] CPU: 1 PID: 24283 Comm: syz-executor7 Not tainted 4.18.0-rc3-next-20180709+ #2
[  385.308578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  385.317934] Call Trace:
[  385.320512]  <IRQ>
[  385.322676]  dump_stack+0x1c9/0x2b4
[  385.326318]  ? dump_stack_print_info.cold.2+0x52/0x52
[  385.331519]  ? vprintk_func+0x81/0xe7
[  385.335330]  ___might_sleep.cold.86+0x11f/0x13a
[  385.340004]  ? check_same_owner+0x340/0x340
10:17:24 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xc3ed0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  385.344338]  __might_sleep+0x95/0x190
[  385.348145]  kmem_cache_alloc_trace+0x2bc/0x780
[  385.352824]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  385.358368]  ? refcount_sub_and_test+0x21a/0x350
[  385.363133]  ? device_create_file+0x1e0/0x1e0
[  385.367637]  kobject_uevent_env+0x20f/0x1110
[  385.372057]  kobject_uevent+0x1f/0x30
[  385.375866]  kobject_put+0x1fb/0x280
[  385.379605]  put_device+0x20/0x30
[  385.383064]  delete_partition_rcu_cb+0x147/0x1b0
[  385.387822]  ? read_dev_sector+0x4d0/0x4d0
[  385.392065]  rcu_process_callbacks+0xe01/0x2810
[  385.396742]  ? call_rcu_sched+0x20/0x20
[  385.400721]  ? lock_acquire+0x1e4/0x540
[  385.404681]  ? __run_timers+0xa09/0xc70
[  385.408644]  ? kasan_check_read+0x11/0x20
[  385.412777]  ? do_raw_spin_unlock+0xa7/0x2f0
[  385.417172]  ? kasan_check_write+0x14/0x20
[  385.421394]  ? trace_hardirqs_on+0xd/0x10
[  385.425530]  ? _raw_spin_unlock_irq+0x27/0x70
[  385.430025]  ? __run_timers+0xa37/0xc70
[  385.433987]  ? __bpf_trace_timer_expire_entry+0x30/0x30
[  385.439340]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  385.444343]  ? timerqueue_add+0x204/0x2b0
[  385.448477]  ? enqueue_hrtimer+0x18e/0x540
[  385.452694]  ? hrtimer_update_softirq_timer+0xa0/0xa0
[  385.457867]  ? do_raw_spin_unlock+0xa7/0x2f0
[  385.462261]  ? kasan_check_write+0x14/0x20
[  385.466479]  ? do_raw_spin_lock+0xc1/0x200
[  385.470699]  ? clockevents_program_event+0x158/0x370
[  385.475789]  ? lock_downgrade+0x8f0/0x8f0
[  385.479927]  ? pvclock_read_flags+0x160/0x160
[  385.484405]  ? hrtimer_start_range_ns+0xd20/0xd20
[  385.489240]  __do_softirq+0x2e8/0xb17
[  385.493030]  ? __irqentry_text_end+0x1f97a8/0x1f97a8
[  385.498117]  ? kasan_check_read+0x11/0x20
[  385.502249]  ? do_raw_spin_unlock+0xa7/0x2f0
[  385.506643]  ? native_apic_msr_write+0x5b/0x80
[  385.511212]  ? lapic_next_event+0x5a/0x90
[  385.515346]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  385.520869]  ? clockevents_program_event+0x140/0x370
[  385.525961]  ? tick_program_event+0xb2/0x130
[  385.530357]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  385.535879]  ? hrtimer_interrupt+0x57e/0x750
[  385.540276]  irq_exit+0x1d1/0x200
[  385.543730]  smp_apic_timer_interrupt+0x186/0x730
[  385.548558]  ? smp_call_function_single_interrupt+0x660/0x660
[  385.554444]  ? _raw_spin_unlock+0x22/0x30
[  385.558576]  ? handle_edge_irq+0x330/0x870
[  385.562796]  ? task_prio+0x50/0x50
[  385.566327]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  385.571158]  apic_timer_interrupt+0xf/0x20
[  385.575374]  </IRQ>
[  385.577600] RIP: 0010:__sanitizer_cov_trace_pc+0x26/0x50
[  385.583027] Code: 5d c3 66 90 55 65 48 8b 04 25 40 ee 01 00 65 8b 15 5f 73 85 7e 48 89 e5 81 e2 00 01 1f 00 48 8b 75 08 75 2b 8b 90 98 12 00 00 <83> fa 02 75 20 48 8b 88 a0 12 00 00 8b 80 9c 12 00 00 48 8b 11 48 
[  385.602203] RSP: 0018:ffff8801ca396bb0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  385.609902] RAX: ffff8801c5c62240 RBX: ffff8801c9db6f10 RCX: ffffffff81ac0f6f
[  385.617158] RDX: 0000000000000000 RSI: ffffffff81ac0f7d RDI: 0000000000000007
[  385.624417] RBP: ffff8801ca396bb0 R08: ffff8801c5c62240 R09: fffff94000d02f5e
[  385.631673] R10: fffff94000d02f5e R11: ffffea0006817af3 R12: ffffea0006817ac0
[  385.638936] R13: 00007fc4545e3000 R14: dffffc0000000000 R15: 0000000000000000
[  385.646208]  ? unmap_page_range+0xf6f/0x2220
[  385.650599]  ? unmap_page_range+0xf7d/0x2220
[  385.654994]  unmap_page_range+0xf7d/0x2220
[  385.659224]  ? vm_normal_page_pmd+0x4d0/0x4d0
[  385.663709]  ? kasan_check_read+0x11/0x20
[  385.667843]  ? rcu_is_watching+0x8c/0x150
[  385.671977]  ? rcu_cleanup_dead_rnp+0x200/0x200
[  385.676632]  ? is_bpf_text_address+0xd7/0x170
[  385.681111]  ? kernel_text_address+0x79/0xf0
[  385.685503]  ? __kernel_text_address+0xd/0x40
[  385.689982]  ? unwind_get_return_address+0x61/0xa0
[  385.694902]  ? save_stack+0xa9/0xd0
[  385.698513]  ? __kasan_slab_free+0x11a/0x170
[  385.702903]  ? kasan_slab_free+0xe/0x10
[  385.706858]  ? kmem_cache_free+0x86/0x2d0
[  385.710992]  ? __khugepaged_exit+0x429/0x6a0
[  385.715388]  ? mmput+0x4e9/0x620
[  385.718741]  ? do_exit+0xea9/0x2750
[  385.722363]  ? do_group_exit+0x177/0x440
[  385.726412]  ? get_signal+0x88e/0x1970
[  385.730285]  ? do_signal+0x9c/0x21c0
[  385.733984]  ? exit_to_usermode_loop+0x2e0/0x370
[  385.738734]  ? do_syscall_64+0x6be/0x820
[  385.742781]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  385.748130]  ? kasan_check_read+0x11/0x20
[  385.752260]  ? do_raw_spin_unlock+0xa7/0x2f0
[  385.756658]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  385.762180]  ? uprobe_munmap+0x14c/0x440
[  385.766227]  ? uprobe_mmap+0xd20/0xd20
[  385.770109]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  385.774860]  ? retint_kernel+0x10/0x10
[  385.778732]  unmap_single_vma+0x1a0/0x310
[  385.782867]  unmap_vmas+0x120/0x1f0
[  385.786477]  exit_mmap+0x2c2/0x5b0
[  385.789999]  ? __ia32_sys_munmap+0x80/0x80
[  385.794238]  ? __khugepaged_exit+0x455/0x6a0
[  385.798636]  mmput+0x265/0x620
[  385.801813]  ? lock_downgrade+0x811/0x8f0
[  385.805955]  ? set_mm_exe_file+0x200/0x200
[  385.810176]  ? kasan_check_read+0x11/0x20
[  385.814308]  ? do_raw_spin_unlock+0xa7/0x2f0
[  385.818699]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  385.823272]  ? kasan_check_write+0x14/0x20
[  385.827492]  ? do_raw_spin_lock+0xc1/0x200
[  385.831708]  do_exit+0xea9/0x2750
[  385.835143]  ? plist_add+0x790/0x790
[  385.838853]  ? mm_update_next_owner+0x9a0/0x9a0
[  385.843517]  ? check_same_owner+0x340/0x340
[  385.847829]  ? do_raw_spin_unlock+0xa7/0x2f0
[  385.852220]  ? rcu_note_context_switch+0x730/0x730
[  385.857132]  ? lock_acquire+0x1e4/0x540
[  385.861092]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  385.866612]  ? futex_wait_queue_me+0x553/0x830
[  385.871180]  ? lock_acquire+0x1e4/0x540
[  385.876264]  ? futex_wait+0x300/0xa20
[  385.880050]  ? lock_downgrade+0x8f0/0x8f0
[  385.884182]  ? kasan_check_write+0x14/0x20
[  385.888407]  ? __unqueue_futex+0x1f8/0x2e0
[  385.892627]  ? trace_hardirqs_on+0x10/0x10
[  385.896843]  ? kasan_check_read+0x11/0x20
[  385.900976]  ? do_raw_spin_unlock+0xa7/0x2f0
[  385.905383]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  385.909959]  ? kasan_check_write+0x14/0x20
[  385.914178]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  385.919358]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  385.924893]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  385.929980]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  385.935516]  ? futex_wait+0x5d2/0xa20
[  385.939313]  ? futex_wait_setup+0x410/0x410
[  385.943619]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  385.948807]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  385.954330]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  385.959417]  ? futex_wake+0x304/0x760
[  385.963232]  ? memset+0x31/0x40
[  385.966504]  ? __dequeue_signal+0xf9/0x7d0
[  385.970735]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  385.976271]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  385.981790]  ? recalc_sigpending_tsk+0x180/0x180
[  385.986529]  ? get_signal+0x918/0x1970
[  385.990402]  ? lock_downgrade+0x8f0/0x8f0
[  385.994535]  do_group_exit+0x177/0x440
[  385.998407]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  386.002972]  ? __ia32_sys_exit+0x50/0x50
[  386.007021]  ? kasan_check_write+0x14/0x20
[  386.011238]  ? do_raw_spin_lock+0xc1/0x200
[  386.015460]  get_signal+0x88e/0x1970
[  386.019169]  ? ptrace_notify+0x130/0x130
[  386.023233]  ? kasan_check_read+0x11/0x20
[  386.027362]  ? do_raw_spin_unlock+0xa7/0x2f0
[  386.031764]  ? mntput_no_expire+0x18e/0xbc0
[  386.036073]  ? _raw_spin_unlock+0x22/0x30
[  386.040208]  ? dput.part.26+0x276/0x7a0
[  386.044170]  do_signal+0x9c/0x21c0
[  386.047794]  ? lock_acquire+0x1e4/0x540
[  386.051763]  ? task_work_run+0x1b3/0x2a0
[  386.055808]  ? lock_downgrade+0x8f0/0x8f0
[  386.059941]  ? setup_sigcontext+0x7d0/0x7d0
[  386.064250]  ? kasan_check_read+0x11/0x20
[  386.068385]  ? do_raw_spin_unlock+0xa7/0x2f0
[  386.072786]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  386.077351]  ? kasan_check_write+0x14/0x20
[  386.081571]  ? do_raw_spin_lock+0xc1/0x200
[  386.085792]  ? __x64_sys_futex+0x47f/0x6a0
[  386.090017]  exit_to_usermode_loop+0x2e0/0x370
[  386.094933]  ? syscall_slow_exit_work+0x500/0x500
[  386.099778]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  386.105298]  do_syscall_64+0x6be/0x820
[  386.109171]  ? syscall_slow_exit_work+0x500/0x500
[  386.113998]  ? syscall_return_slowpath+0x5e0/0x5e0
[  386.118924]  ? syscall_return_slowpath+0x31d/0x5e0
[  386.123840]  ? prepare_exit_to_usermode+0x291/0x3b0
[  386.129211]  ? perf_trace_sys_enter+0xb10/0xb10
[  386.133883]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  386.138718]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  386.143901] RIP: 0033:0x455e29
[  386.147072] Code: 38 4c 8b 95 30 fb ff ff 4c 8b 85 20 fb ff ff 49 39 c2 0f 85 b2 f4 ff ff 44 8b 8d 28 fb ff ff b8 ff ff ff 7f 44 29 c8 48 98 49 <39> c2 0f 86 00 f9 ff ff 48 c7 c0 d0 ff ff ff 64 c7 00 4b 00 00 00 
[  386.166235] RSP: 002b:00007fc453c22ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  386.173934] RAX: fffffffffffffe00 RBX: 000000000072bec0 RCX: 0000000000455e29
[  386.181198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bec0
[  386.188454] RBP: 000000000072bec0 R08: 0000000000000035 R09: 000000000072bea0
10:17:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedcd, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:25 executing program 7 (fault-call:9 fault-nth:5):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:25 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xaec1, 0x0)

[  386.195707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  386.202968] R13: 00007fff0111086f R14: 00007fc453c239c0 R15: 0000000000000000
10:17:25 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x300, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:25 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe0000000000000e, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:25 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
getresuid(&(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:25 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedc6, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:25 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:25 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x3)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedd1, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:25 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/.ev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:25 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae8b, 0x0)

10:17:25 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='//ev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xbced000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x9000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:25 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev//bd#\x00', 0xffffffffffffffff, 0x0)

10:17:25 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x8004ae98, 0x0)

10:17:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedc1, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:26 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:26 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe0000000e000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:26 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x2, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f00000001c0)={'icmp6\x00'}, &(0x7f0000000200)=0x1e)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000040)={<r5=>0x0, 0x4}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000140)={r5, 0x1ff, 0x80000001}, 0x8)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000000380))
syslog(0x3, &(0x7f0000000240)=""/155, 0x9b)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000300)={&(0x7f0000012000/0x2000)=nil, 0x2000}, &(0x7f0000000340)=0x10)
tkill(r4, 0x1004000000016)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000400)={{&(0x7f0000012000/0x4000)=nil, 0x4000}})
close(r2)

10:17:26 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/.bd#\x00', 0xffffffffffffffff, 0x0)

10:17:26 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x4138ae84, 0x0)

10:17:26 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x4000000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:26 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x4)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:26 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe000000, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:26 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nb.#\x00', 0xffffffffffffffff, 0x0)

10:17:26 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x1400000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:26 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xcced000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:26 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nb/#\x00', 0xffffffffffffffff, 0x0)

10:17:26 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x81a0ae8c, 0x0)

10:17:26 executing program 6:
r0 = dup(0xffffffffffffff9c)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000100)={0x17, 0x2a, &(0x7f0000000040)="260e2c52e8e084f481c7db27db3c29fcecc7b06657d3361ae9aed018480db53634b15c5bc87374c6dea3"})
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:26 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x4800, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:26 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)="2f6465762f6e62642397", 0xffffffffffffffff, 0x0)

10:17:26 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x4, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:27 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000e00, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedce, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:27 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x4004ae8b, 0x0)

10:17:27 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#H', 0xffffffffffffffff, 0x0)

10:17:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedd0, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:27 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1500)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:27 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:27 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xb9ed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:27 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x4004ae99, 0x0)

10:17:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x6f090000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:27 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:27 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000100)="35330c0666c2504bbd170bafcc4d615b48c2b0da12cf54ebc4dcba1586db46468b071433098de1d5298a0fe38421030677b455fcb2bc271a56edb5af51")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x4000080)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x2000000000000000, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r0, 0x0, 0xb6d1166960612bba)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x400000002)
close(r1)

10:17:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd1ed, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:27 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xc0045878, 0x0)

10:17:27 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x3000000000000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:27 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:27 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedd2, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:27 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae2a, 0x0)

10:17:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x97ffffff00000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:28 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:28 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:28 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x3)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:28 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xc2ed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:28 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae11, 0x0)

10:17:28 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:28 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = semget(0x3, 0x2, 0x102)
semctl$GETZCNT(r1, 0x3, 0xf, &(0x7f0000000100)=""/154)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x33, 0xffffffffffffffff, 0x0)
r2 = dup3(0xffffffffffffff9c, r0, 0x80000)
getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, &(0x7f00000001c0), &(0x7f0000000200)=0x18)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r4, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r4, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
open$dir(&(0x7f0000000040)='./control\x00', 0xc53dca08b4dadec7, 0x1)
tkill(r5, 0x1004000000016)
close(r3)

10:17:28 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xfdffffff00000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:28 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xd0ed0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:28 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xc0045877, 0x0)

10:17:28 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x40000000, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:28 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
get_robust_list(r3, &(0x7f0000000200)=&(0x7f00000001c0)={&(0x7f0000000100)={&(0x7f0000000040)}, 0x0, &(0x7f0000000180)={&(0x7f0000000140)}}, &(0x7f0000000240)=0x18)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:28 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:28 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xc0ed, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:28 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x3)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:28 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x4048ae9b, 0x0)

10:17:29 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x3, &(0x7f0000000040)=[{0xfffffffffffffffb, 0x1ff, 0x6, 0x3}, {0x2d7, 0xffffffff, 0xaa, 0xe0a}, {0x9, 0x7, 0x3, 0x2}]}, 0x10)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:29 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x6f09, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:29 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)="2f6465762f6e626423fd", 0xffffffffffffffff, 0x0)

10:17:29 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x4)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:29 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae3b, 0x0)

10:17:29 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x10000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:29 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:29 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xceed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:29 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xffffff7f00000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:29 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x4020940d, 0x0)

10:17:29 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:29 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:29 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:29 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x6800000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:29 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x4)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:29 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x2, 0x0)

10:17:29 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300094700bb61e1c3e4ffff0600000001000000450d00002000000019000a000d0000000000280f00000007fd17e1ffff06060400", 0x39}], 0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r1)

10:17:29 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xbeed, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:29 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:29 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000040)={<r4=>0x0, 0x1ff}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000140)={r4, 0x42, "dae9398987dc55b94e9ad8599c43f05731fcf36e16c837b0a0c908f3c7fc5e59186a53a3857d5714a9026516d8c4a6be678ab7298500def04bf38c419f63b96cb255"}, &(0x7f00000001c0)=0x4a)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
fdatasync(r1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:29 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x41a0ae8d, 0x0)

10:17:29 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:29 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xe4ffffff00000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  391.021357] netlink: 'syz-executor3': attribute type 10 has an invalid length.
10:17:30 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xceed0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:30 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:30 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xceed, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:30 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x3)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:30 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
fcntl$getown(r0, 0x9)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)
r4 = shmget(0x0, 0x1000, 0x848, &(0x7f0000013000/0x1000)=nil)
shmctl$IPC_STAT(r4, 0x2, &(0x7f0000000100)=""/4096)

10:17:30 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae17, 0x0)

10:17:30 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:30 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1500)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:30 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedbf, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

[  391.861724] netlink: 'syz-executor3': attribute type 10 has an invalid length.
10:17:30 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x100)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:30 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:30 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x4c00000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:30 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={<r2=>0x0}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=r2, &(0x7f0000000180)=0x4)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r1)

10:17:30 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xaecd, 0x0)

10:17:30 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x7a00000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:30 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:30 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x9, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:30 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:31 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x300, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:31 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x30000000)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:31 executing program 6:
r0 = syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0x4, 0x200000)
write$fuse(r0, &(0x7f00000002c0)={0x50, 0x1, 0x5, @fuse_init_out={0x7, 0x1b, 0x3, 0x80000000, 0x40, 0x5, 0x8, 0x6}}, 0x50)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'ip6tnl0\x00', {0x2, 0x4e22, @loopback=0x7f000001}})
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
syz_open_dev$amidi(&(0x7f0000000200)='/dev/amidi#\x00', 0x0, 0x40)
ioctl(r1, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000100)=ANY=[@ANYRES32=<r4=>0x0, @ANYBLOB="42000000c60732f4264223fdad681fa6028485dbf67e872f65e4b445b9332279651534b4ad703acc4f10f2d6a48e6ae769dbc9119fcbf0d0396007334e889536c5bf4e4f6ea6"], &(0x7f0000000040)=0x4a)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000180)=@sack_info={r4, 0x3, 0x3b3a}, &(0x7f00000001c0)=0xc)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r5, 0x1004000000016)
close(r2)

10:17:31 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae12, 0x0)

10:17:31 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)="2f6465762f6e626423ff", 0xffffffffffffffff, 0x0)

10:17:31 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x500000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:31 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
pipe2(&(0x7f0000000040), 0x84800)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:31 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x8000000007fffc)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:31 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x7000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:31 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)="2f6465762f6e626423ff", 0xffffffffffffffff, 0x0)

10:17:31 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x4000)=nil, 0x4000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r2=>0x0, <r3=>0x0})
ppoll(&(0x7f0000000040)=[{r0, 0x38dba4a8176dc6f4}, {r0, 0x9210}, {r1, 0x40}, {r0, 0x308}], 0x4, &(0x7f0000000140)={r2, r3+30000000}, &(0x7f0000000180)={0x7}, 0x8)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r4 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r4, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r5 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r4, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r5, 0x1004000000016)
close(r0)

10:17:31 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xaefe, 0x0)

10:17:31 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xbded0000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:31 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\t', 0xffffffffffffffff, 0x0)

10:17:31 executing program 3:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r1, 0xe, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r2, 0x1004000000016)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={<r3=>0x0, 0x9, 0x3, 0x401}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000140)={r3, 0x3f}, &(0x7f0000000180)=0x8)
close(r0)

10:17:31 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedc4, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:31 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)="2f6465762f6e62642302", 0xffffffffffffffff, 0x0)

10:17:32 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x300)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:32 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x7, 0x10000)
close(r1)

10:17:32 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x3f00000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:32 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)="2f6465762f6e62642305", 0xffffffffffffffff, 0x0)

10:17:32 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xae48, 0x0)

10:17:32 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
socket$vsock_dgram(0x28, 0x2, 0x0)
r2 = creat(&(0x7f0000000040)='./control\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
sched_setparam(r3, &(0x7f0000000100))
close(r1)

10:17:32 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xc4ed000000000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:32 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:32 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x4090ae82, 0x0)

10:17:32 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:32 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xffffffff00000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:32 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='sessionid\x00')
ioctl$SNDRV_TIMER_IOCTL_INFO(r2, 0x80e85411, &(0x7f0000000100)=""/224)
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {0x7}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0xe00000000000000, 0x1)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r4, 0x1004000000016)
close(r1)
fgetxattr(0xffffffffffffffff, &(0x7f0000000300)=@random={'osx.', 'sessionid\x00'}, &(0x7f0000000340)=""/4096, 0x1000)
clock_gettime(0x0, &(0x7f0000000240)={<r5=>0x0, <r6=>0x0})
futex(&(0x7f0000000200)=0x2, 0x0, 0x2, &(0x7f0000000280)={r5, r6+30000000}, &(0x7f00000002c0)=0x1, 0x0)

10:17:32 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0xffffffffffff6cb5, 0x248002)
openat$cgroup_procs(r2, &(0x7f0000000140)='cgroup.threads\x00', 0x2, 0x0)
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'ip6tnl0\x00', <r5=>0x0})
connect$packet(r2, &(0x7f0000000240)={0x11, 0x11, r5, 0x1, 0xffffffff, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1f}}, 0x14)
lseek(r3, 0xe, 0x1)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000040)=0x8001, 0x4)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
tkill(r4, 0x1004000000016)
close(r1)

10:17:32 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x8, 0x1c010, r0, 0xfffffffffdfffffd)
r1 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:32 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0xc0189436, 0x0)

10:17:33 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:33 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0xe00)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:33 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r3 = gettid()
io_setup(0x84, &(0x7f0000000300)=<r4=>0x0)
r5 = syz_open_procfs(r3, &(0x7f0000000140)='net/l2cap\x00')
io_submit(r4, 0x2, &(0x7f00000002c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x2, r1, &(0x7f0000000100)="ee153dade0ec15418a3add9c978e13ac5358a9e61dec2d306862c9a4cef23d2364c678", 0x23, 0x9, 0x0, 0x0, r5}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x9, r1, &(0x7f00000001c0)="721403d81796873b2c6a3866dd08f2b3be4dfbdb67a3431577d048386f35e0c1bd8d18181d6039c85a7ae998cb2c09928381191cc2df3de8c5d3392d257f3f90bf6a4d81bb2a1c6f8832eaad45192b6a58105a9b4be37c0f9a0f579f5c6b81d68dd3e593a549e51af345c0622fb55be7ef62811bd9b344873591c4c22afe8fa97221103eea12e94886968b94fe6e3f", 0x8f, 0x7, 0x0, 0x0, r2}])
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r2, 0x0, 0x2)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r3, 0x1004000000016)
close(r1)

10:17:33 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0x6000000, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:33 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:33 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$usbmon(&(0x7f0000000300)='/dev/usbmon#\x00', 0x400, 0x20000)
ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000340)={0x32, 0x1e, 0x17, 0x14, 0x1, 0x7, 0x3, 0x12e, 0xffffffffffffffff})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
lseek(r3, 0x0, 0x1)
timer_create(0x3, &(0x7f0000000040)={0x0, 0x2b, 0x0, @thr={&(0x7f0000000100)="ff6f635ac52d4c43ce47fa7ecb4625ee662e80ccd885006b88457b1b5d5331ed511ac27caa1dfc63a8aae6c03b4d7ad990a96ace4c2f249731d185c511f1fe4b30bd39be1c76a3a668166005a40171811f47713432d72c46f7d299a7bc671fa748329ec0076c1920768239ef5cf0722d2482520c1700ac32ec94c520aab9594889b1b535e35279d268a3161995d668d0bf5f972f4c0ff798a5e33a6813616beefd76656aa6aae49b7112484ab2c14accc43d9c230a89b344dab58a357da6a489", &(0x7f00000001c0)="a8ec3dc070b12fdf68262e4d6ff3b303fbe5440adb755316efeba7e9019bccad29964e9301fd466f871365e5ca06520adce0a0485958b6c2682d68154be60bfc8e91e6d38771be07a73f6ac7256888dbd62da7d67fe08bfb5fc690286981e8663da7cb8f4180aef459579262c804195970388fdffea8d2705e232c772fb2af9ff48b1113375b8b5813a9c3be191ef23242be9a12f52bd5cdfb144b5e3593fb855ca6e9df47661246e28b7e60f6898fb10d67d2"}}, &(0x7f0000000280)=<r5=>0x0)
fcntl$notify(r1, 0x402, 0x8)
timer_settime(r5, 0x3, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f00000002c0))
tkill(r4, 0x1004000000016)
close(r1)

10:17:33 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235004000000f30b805000000b90d0000000f01c10f01d12e0f01cfb826cb45ab0f23c80f21f8350800c0000f23f8b8010000000f01c1b9800000c00f3235002000000f30debd350000003e0f01c9b9140200000f32", 0x5c}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060"}], 0xaaaaaaaaaaaa84c, 0x0, &(0x7f0000000140), 0x10000000000000c5)
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000080)={0x77359400}, 0x1)
ioctl$KVM_RUN(r6, 0x40049409, 0x0)

10:17:33 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfff, 0x200000)
write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x84, 0x1, 0x1}}, 0x14)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)

10:17:33 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070")
r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000040)={0x1, 0xedcb, 0x11, &(0x7f0000000080)="0070c600100000ec2372070229363bd708"})

10:17:33 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/