[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 56.648605][ T23] audit: type=1800 audit(1574140788.869:25): pid=8749 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 56.669295][ T23] audit: type=1800 audit(1574140788.869:26): pid=8749 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 56.719051][ T23] audit: type=1800 audit(1574140788.869:27): pid=8749 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts. 2019/11/19 05:19:59 fuzzer started 2019/11/19 05:20:01 dialing manager at 10.128.0.26:39077 2019/11/19 05:20:02 syscalls: 2566 2019/11/19 05:20:02 code coverage: enabled 2019/11/19 05:20:02 comparison tracing: enabled 2019/11/19 05:20:02 extra coverage: enabled 2019/11/19 05:20:02 setuid sandbox: enabled 2019/11/19 05:20:02 namespace sandbox: enabled 2019/11/19 05:20:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/19 05:20:02 fault injection: enabled 2019/11/19 05:20:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/19 05:20:02 net packet injection: enabled 2019/11/19 05:20:02 net device setup: enabled 2019/11/19 05:20:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/19 05:20:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 05:22:07 executing program 0: 05:22:08 executing program 1: syzkaller login: [ 195.814684][ T8916] IPVS: ftp: loaded support on port[0] = 21 [ 196.004785][ T8919] IPVS: ftp: loaded support on port[0] = 21 [ 196.008056][ T8916] chnl_net:caif_netlink_parms(): no params data found [ 196.092228][ T8916] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.118088][ T8916] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.125923][ T8916] device bridge_slave_0 entered promiscuous mode 05:22:08 executing program 2: [ 196.146910][ T8916] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.156001][ T8916] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.165249][ T8916] device bridge_slave_1 entered promiscuous mode [ 196.253035][ T8916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.289145][ T8916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.313179][ T8919] chnl_net:caif_netlink_parms(): no params data found [ 196.343199][ T8922] IPVS: ftp: loaded support on port[0] = 21 [ 196.363881][ T8916] team0: Port device team_slave_0 added [ 196.391884][ T8916] team0: Port device team_slave_1 added [ 196.398529][ T8919] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.405688][ T8919] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.413999][ T8919] device bridge_slave_0 entered promiscuous mode [ 196.423720][ T8919] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.430937][ T8919] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.439200][ T8919] device bridge_slave_1 entered promiscuous mode 05:22:08 executing program 3: [ 196.522025][ T8916] device hsr_slave_0 entered promiscuous mode [ 196.578247][ T8916] device hsr_slave_1 entered promiscuous mode [ 196.656869][ T8919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.677077][ T8924] IPVS: ftp: loaded support on port[0] = 21 05:22:08 executing program 4: [ 196.704289][ T8919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.744630][ T8916] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 196.794072][ T8916] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 196.860228][ T8916] netdevsim netdevsim0 netdevsim2: renamed from eth2 05:22:09 executing program 5: [ 196.929455][ T8919] team0: Port device team_slave_0 added [ 196.936762][ T8919] team0: Port device team_slave_1 added [ 196.958640][ T8916] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 197.043732][ T8916] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.051054][ T8916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.059007][ T8916] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.066103][ T8916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.076953][ T2852] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.085113][ T2852] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.179914][ T8919] device hsr_slave_0 entered promiscuous mode [ 197.218344][ T8919] device hsr_slave_1 entered promiscuous mode [ 197.288098][ T8919] debugfs: Directory 'hsr0' with parent '/' already present! [ 197.312124][ T8926] IPVS: ftp: loaded support on port[0] = 21 [ 197.343441][ T8928] IPVS: ftp: loaded support on port[0] = 21 [ 197.381487][ T8922] chnl_net:caif_netlink_parms(): no params data found [ 197.462494][ T8919] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 197.534267][ T8919] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 197.613661][ T8919] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 197.722047][ T8926] chnl_net:caif_netlink_parms(): no params data found [ 197.731610][ T8919] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 197.800210][ T8922] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.807311][ T8922] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.815856][ T8922] device bridge_slave_0 entered promiscuous mode [ 197.826568][ T8922] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.833734][ T8922] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.841872][ T8922] device bridge_slave_1 entered promiscuous mode [ 197.920600][ T8922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.987041][ T8922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.005279][ T8916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.024780][ T8926] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.032459][ T8926] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.041487][ T8926] device bridge_slave_0 entered promiscuous mode [ 198.056338][ T8924] chnl_net:caif_netlink_parms(): no params data found [ 198.084625][ T8926] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.093189][ T8926] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.101661][ T8926] device bridge_slave_1 entered promiscuous mode [ 198.121858][ T8922] team0: Port device team_slave_0 added [ 198.142345][ T8928] chnl_net:caif_netlink_parms(): no params data found [ 198.154793][ T8922] team0: Port device team_slave_1 added [ 198.171243][ T8926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.219574][ T8916] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.230583][ T8926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.293329][ T8922] device hsr_slave_0 entered promiscuous mode [ 198.348387][ T8922] device hsr_slave_1 entered promiscuous mode [ 198.418034][ T8922] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.426011][ T8924] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.433301][ T8924] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.441484][ T8924] device bridge_slave_0 entered promiscuous mode [ 198.449626][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.460413][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.468761][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.477300][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.486377][ T2852] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.493503][ T2852] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.511603][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.521557][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.530218][ T3886] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.537253][ T3886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.563902][ T8924] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.571290][ T8924] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.579875][ T8924] device bridge_slave_1 entered promiscuous mode [ 198.598889][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.618001][ T8928] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.625081][ T8928] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.634354][ T8928] device bridge_slave_0 entered promiscuous mode [ 198.644115][ T8928] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.651784][ T8928] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.659606][ T8928] device bridge_slave_1 entered promiscuous mode [ 198.673532][ T8926] team0: Port device team_slave_0 added [ 198.686942][ T8926] team0: Port device team_slave_1 added [ 198.704307][ T8919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.722630][ T8924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.750450][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.760985][ T8928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.773207][ T8928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.788619][ T8924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.840046][ T8926] device hsr_slave_0 entered promiscuous mode [ 198.878337][ T8926] device hsr_slave_1 entered promiscuous mode [ 198.918052][ T8926] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.943171][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.953792][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.975500][ T8922] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 199.029825][ T8922] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 199.070622][ T8922] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 199.114317][ T8922] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 199.184821][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.193344][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.202145][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.211737][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.220548][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.238551][ T8924] team0: Port device team_slave_0 added [ 199.246138][ T8928] team0: Port device team_slave_0 added [ 199.265858][ T8916] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 199.277592][ T8916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.291091][ T8924] team0: Port device team_slave_1 added [ 199.298770][ T8928] team0: Port device team_slave_1 added [ 199.316392][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.326308][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.335280][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.343135][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.353076][ T8919] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.376874][ T8916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.397393][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 199.405317][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 199.511666][ T8924] device hsr_slave_0 entered promiscuous mode [ 199.578848][ T8924] device hsr_slave_1 entered promiscuous mode [ 199.638143][ T8924] debugfs: Directory 'hsr0' with parent '/' already present! [ 199.647162][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.656252][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.664764][ T3889] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.671865][ T3889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.679881][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.688816][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.697161][ T3889] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.704246][ T3889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.711922][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.721657][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.731156][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.739217][ T8926] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 199.793982][ T8926] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 199.891221][ T8928] device hsr_slave_0 entered promiscuous mode [ 199.938423][ T8928] device hsr_slave_1 entered promiscuous mode [ 199.978043][ T8928] debugfs: Directory 'hsr0' with parent '/' already present! 05:22:12 executing program 0: openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x3f, 0x3}, 0x0) open(0x0, 0x0, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f00000000c0)={0xa14, 0x9, 0xe9e7e898, 0x3ff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) pipe(&(0x7f0000000300)) close(0xffffffffffffffff) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000040)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="010000000000000000000000040000000000000000000000ddff0000fd000000000000000000000000000000000000007d740000000000000000f0124a61face70920ded5b264bcde8a2e4f31b033ec28b4e01991c194d35b22831c2716adfbe72f65002f4c281a2a3dc874108588befdb8852bea78e7dff87f6c3f06cbb182219a0e0dc19a35d6a20a0baa2ed8dbc6ac4b60b7f4e7ffe38f2fe2a2c4939b9b25f749f73e12d4bd5e87e95dd23edb42e1c32e320a5ca666680be0953c279596988ee9f6f3b09c1df71c22248ce24a83a09b0b6d9b4c01588f7b9a4cac7dc78ecea66447f8171ce752c43f3928c18090d37ce86786079829c1df452ef87a29580661684491d3e8eeb8ea5d336a8010000003e5de40e1cc396c213031e5748a74968c35a41c2660c7446cd6da3c148"]) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0x0, 0x10}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) [ 200.022793][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.043102][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.074757][ T8926] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 200.120316][ T8926] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 200.189908][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.203725][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.212637][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.221756][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.230333][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.238901][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.242631][ T8938] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 200.247384][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.273812][ T8919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.346015][ T8928] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 200.377894][ C0] hrtimer: interrupt took 43252 ns [ 200.409766][ T8928] netdevsim netdevsim5 netdevsim1: renamed from eth1 05:22:12 executing program 0: openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x3f, 0x3}, 0x0) open(0x0, 0x0, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f00000000c0)={0xa14, 0x9, 0xe9e7e898, 0x3ff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) pipe(&(0x7f0000000300)) close(0xffffffffffffffff) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000040)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="010000000000000000000000040000000000000000000000ddff0000fd000000000000000000000000000000000000007d740000000000000000f0124a61face70920ded5b264bcde8a2e4f31b033ec28b4e01991c194d35b22831c2716adfbe72f65002f4c281a2a3dc874108588befdb8852bea78e7dff87f6c3f06cbb182219a0e0dc19a35d6a20a0baa2ed8dbc6ac4b60b7f4e7ffe38f2fe2a2c4939b9b25f749f73e12d4bd5e87e95dd23edb42e1c32e320a5ca666680be0953c279596988ee9f6f3b09c1df71c22248ce24a83a09b0b6d9b4c01588f7b9a4cac7dc78ecea66447f8171ce752c43f3928c18090d37ce86786079829c1df452ef87a29580661684491d3e8eeb8ea5d336a8010000003e5de40e1cc396c213031e5748a74968c35a41c2660c7446cd6da3c148"]) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0x0, 0x10}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) [ 200.469275][ T8922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.571670][ T8924] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 200.629342][ T8928] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 200.680800][ T8928] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 200.720200][ T8924] netdevsim netdevsim3 netdevsim1: renamed from eth1 05:22:13 executing program 0: openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x3f, 0x3}, 0x0) open(0x0, 0x0, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f00000000c0)={0xa14, 0x9, 0xe9e7e898, 0x3ff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) pipe(&(0x7f0000000300)) close(0xffffffffffffffff) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000040)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="010000000000000000000000040000000000000000000000ddff0000fd000000000000000000000000000000000000007d740000000000000000f0124a61face70920ded5b264bcde8a2e4f31b033ec28b4e01991c194d35b22831c2716adfbe72f65002f4c281a2a3dc874108588befdb8852bea78e7dff87f6c3f06cbb182219a0e0dc19a35d6a20a0baa2ed8dbc6ac4b60b7f4e7ffe38f2fe2a2c4939b9b25f749f73e12d4bd5e87e95dd23edb42e1c32e320a5ca666680be0953c279596988ee9f6f3b09c1df71c22248ce24a83a09b0b6d9b4c01588f7b9a4cac7dc78ecea66447f8171ce752c43f3928c18090d37ce86786079829c1df452ef87a29580661684491d3e8eeb8ea5d336a8010000003e5de40e1cc396c213031e5748a74968c35a41c2660c7446cd6da3c148"]) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0x0, 0x10}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) [ 200.761070][ T8924] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 200.852035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 200.859791][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 200.878801][ T8919] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.892672][ T8922] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.902143][ T8924] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 200.958319][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.966173][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.976794][ T8926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.991577][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.005604][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.014730][ T2852] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.021830][ T2852] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.029650][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.038631][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.047072][ T2852] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.054175][ T2852] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.071524][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.095683][ T8926] 8021q: adding VLAN 0 to HW filter on device team0 05:22:13 executing program 0: openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x3f, 0x3}, 0x0) open(0x0, 0x0, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f00000000c0)={0xa14, 0x9, 0xe9e7e898, 0x3ff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) pipe(&(0x7f0000000300)) close(0xffffffffffffffff) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000040)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="010000000000000000000000040000000000000000000000ddff0000fd000000000000000000000000000000000000007d740000000000000000f0124a61face70920ded5b264bcde8a2e4f31b033ec28b4e01991c194d35b22831c2716adfbe72f65002f4c281a2a3dc874108588befdb8852bea78e7dff87f6c3f06cbb182219a0e0dc19a35d6a20a0baa2ed8dbc6ac4b60b7f4e7ffe38f2fe2a2c4939b9b25f749f73e12d4bd5e87e95dd23edb42e1c32e320a5ca666680be0953c279596988ee9f6f3b09c1df71c22248ce24a83a09b0b6d9b4c01588f7b9a4cac7dc78ecea66447f8171ce752c43f3928c18090d37ce86786079829c1df452ef87a29580661684491d3e8eeb8ea5d336a8010000003e5de40e1cc396c213031e5748a74968c35a41c2660c7446cd6da3c148"]) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0x0, 0x10}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) [ 201.142130][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.153616][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.173560][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.194241][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 05:22:13 executing program 1: setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0), 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) sync() [ 201.376407][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.394376][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.403946][ T112] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.411113][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.459846][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.470228][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.481177][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.490663][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.502591][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.511690][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.521006][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.529568][ T112] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.536624][ T112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.544333][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.554074][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.569461][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.578761][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 05:22:13 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000000000004"]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) [ 201.601189][ T8922] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.613436][ T8922] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.649372][ T8922] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.723569][ T8928] 8021q: adding VLAN 0 to HW filter on device bond0 05:22:14 executing program 0: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) perf_event_open(&(0x7f0000002500)={0x0, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3f, 0x4, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x1, 0x1, 0xff, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x127) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40086602, 0x400007) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYPTR64], 0xff39) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) r4 = socket(0x40000000015, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000300)={0x2, 0x4e20, @local}, 0x10) sendto$inet(r6, 0x0, 0x100000351, 0x20020059, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) ioctl$int_in(r6, 0x5452, &(0x7f00000003c0)=0xe1) shutdown(r6, 0x1) accept4(r6, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x80, 0x80000) bind(0xffffffffffffffff, &(0x7f0000000100)=@xdp={0x2c, 0x0, r7, 0x2a}, 0x80) r8 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r8, &(0x7f0000000300)={0x2, 0x4e20, @local}, 0x10) sendto$inet(r8, 0x0, 0x100000351, 0x20020059, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) shutdown(r8, 0x1) accept4(r8, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x80, 0x80000) bind(0xffffffffffffffff, &(0x7f0000000100)=@xdp={0x2c, 0x0, r9, 0x2a}, 0x80) sendmsg$FOU_CMD_DEL(r4, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000127bd7000fedbdf2502000000080001004e24000014000700fe80000000000a00000000000000002008000b00", @ANYRES32=r7, @ANYBLOB="0800020002000000080001004e23000014000700fe8800000000000000000000000000011400090075fb730469852e872682a34c7818516f08000b00", @ANYRES32=r9], 0x78}, 0x1, 0x0, 0x0, 0x811}, 0xc80) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000100)={@remote, 0x3d, r7}) write$cgroup_pid(r2, &(0x7f0000000000), 0x10000000d) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a10, 0x1700) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000080)) 05:22:14 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000000000004"]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) [ 201.783885][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.829311][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.867088][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.895801][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.904641][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.913440][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.922194][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.931381][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.942114][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.967501][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.975952][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.994521][ T8926] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.039038][ T8926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.065485][ T8924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.077608][ T8976] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 202.089516][ T8928] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.107451][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.115959][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.124596][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.134939][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.143364][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.196079][ T8926] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.235272][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 05:22:14 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000000000004"]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) [ 202.268253][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.276901][ T3886] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.284299][ T3886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.330996][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.340090][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.349162][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 202.356881][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 202.369966][ T8924] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.378421][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.386490][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.395281][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.404454][ T3886] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.411646][ T3886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.508013][ T23] kauditd_printk_skb: 3 callbacks suppressed [ 202.508027][ T23] audit: type=1804 audit(1574140934.719:31): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir104871621/syzkaller.rYUtwi/5/memory.events" dev="sda1" ino=16523 res=1 [ 202.524510][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.553785][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.563018][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.572705][ T3889] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.580015][ T3889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.588935][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.597778][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.606636][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.618269][ T3889] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.625350][ T3889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.629367][ T23] audit: type=1800 audit(1574140934.719:32): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=16523 res=0 [ 202.633765][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.669188][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.671374][ T23] audit: type=1804 audit(1574140934.879:33): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir104871621/syzkaller.rYUtwi/5/memory.events" dev="sda1" ino=16523 res=1 [ 202.681506][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.712801][ T23] audit: type=1800 audit(1574140934.879:34): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=16523 res=0 [ 202.716233][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.745272][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.754059][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.764116][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.772697][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.781180][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.795185][ T8928] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.816355][ T8928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.834488][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.859582][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.873173][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.901503][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.910183][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.919119][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.927538][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.937656][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 202.945234][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 202.959400][ T8924] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 202.973176][ T8924] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.993478][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.011449][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.040143][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.053901][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.062437][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.084158][ T8928] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.119246][ T8924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.130319][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.139535][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 203.146923][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 05:22:15 executing program 3: sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x1}) ppoll(&(0x7f00000000c0)=[{}], 0x20000000000000d8, 0x0, 0x0, 0xfffffffffffffd6a) 05:22:15 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000000000004"]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) 05:22:15 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000000000004"]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) 05:22:15 executing program 0: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) perf_event_open(&(0x7f0000002500)={0x0, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3f, 0x4, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x1, 0x1, 0xff, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x127) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40086602, 0x400007) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYPTR64], 0xff39) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) r4 = socket(0x40000000015, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000300)={0x2, 0x4e20, @local}, 0x10) sendto$inet(r6, 0x0, 0x100000351, 0x20020059, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) ioctl$int_in(r6, 0x5452, &(0x7f00000003c0)=0xe1) shutdown(r6, 0x1) accept4(r6, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x80, 0x80000) bind(0xffffffffffffffff, &(0x7f0000000100)=@xdp={0x2c, 0x0, r7, 0x2a}, 0x80) r8 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r8, &(0x7f0000000300)={0x2, 0x4e20, @local}, 0x10) sendto$inet(r8, 0x0, 0x100000351, 0x20020059, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) shutdown(r8, 0x1) accept4(r8, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x80, 0x80000) bind(0xffffffffffffffff, &(0x7f0000000100)=@xdp={0x2c, 0x0, r9, 0x2a}, 0x80) sendmsg$FOU_CMD_DEL(r4, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000127bd7000fedbdf2502000000080001004e24000014000700fe80000000000a00000000000000002008000b00", @ANYRES32=r7, @ANYBLOB="0800020002000000080001004e23000014000700fe8800000000000000000000000000011400090075fb730469852e872682a34c7818516f08000b00", @ANYRES32=r9], 0x78}, 0x1, 0x0, 0x0, 0x811}, 0xc80) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000100)={@remote, 0x3d, r7}) write$cgroup_pid(r2, &(0x7f0000000000), 0x10000000d) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a10, 0x1700) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000080)) 05:22:15 executing program 4: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) perf_event_open(&(0x7f0000002500)={0x0, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3f, 0x4, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x1, 0x1, 0xff, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x127) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40086602, 0x400007) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYPTR64], 0xff39) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) r4 = socket(0x40000000015, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000300)={0x2, 0x4e20, @local}, 0x10) sendto$inet(r6, 0x0, 0x100000351, 0x20020059, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) ioctl$int_in(r6, 0x5452, &(0x7f00000003c0)=0xe1) shutdown(r6, 0x1) accept4(r6, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x80, 0x80000) bind(0xffffffffffffffff, &(0x7f0000000100)=@xdp={0x2c, 0x0, r7, 0x2a}, 0x80) r8 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r8, &(0x7f0000000300)={0x2, 0x4e20, @local}, 0x10) sendto$inet(r8, 0x0, 0x100000351, 0x20020059, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) shutdown(r8, 0x1) accept4(r8, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x80, 0x80000) bind(0xffffffffffffffff, &(0x7f0000000100)=@xdp={0x2c, 0x0, r9, 0x2a}, 0x80) sendmsg$FOU_CMD_DEL(r4, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000127bd7000fedbdf2502000000080001004e24000014000700fe80000000000a00000000000000002008000b00", @ANYRES32=r7, @ANYBLOB="0800020002000000080001004e23000014000700fe8800000000000000000000000000011400090075fb730469852e872682a34c7818516f08000b00", @ANYRES32=r9], 0x78}, 0x1, 0x0, 0x0, 0x811}, 0xc80) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000100)={@remote, 0x3d, r7}) write$cgroup_pid(r2, &(0x7f0000000000), 0x10000000d) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a10, 0x1700) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000080)) 05:22:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000000)={0x0, 0x2, [@local, @random="1484883fd015"]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:22:15 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000000000004"]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) 05:22:15 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000000000004"]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) [ 203.657760][ T9034] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 05:22:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) 05:22:16 executing program 1: [ 203.848387][ T9023] kvm: pic: level sensitive irq not supported [ 203.849210][ T9023] kvm: pic: non byte read [ 203.912723][ T9023] kvm: pic: non byte write [ 203.926596][ T9023] kvm: pic: level sensitive irq not supported [ 203.927084][ T9023] kvm: pic: non byte read [ 204.004068][ T9023] kvm: pic: non byte write [ 204.052104][ T9023] kvm: pic: level sensitive irq not supported [ 204.056475][ T9023] kvm: pic: non byte read 05:22:16 executing program 1: [ 204.104236][ T9023] kvm: pic: non byte write [ 204.116846][ T9023] kvm: pic: level sensitive irq not supported [ 204.124410][ T9023] kvm: pic: non byte read [ 204.201056][ T9023] kvm: pic: non byte write 05:22:16 executing program 3: 05:22:16 executing program 2: [ 204.233437][ T9023] kvm: pic: level sensitive irq not supported [ 204.233542][ T9023] kvm: pic: non byte read [ 204.287418][ T9023] kvm: pic: non byte write 05:22:16 executing program 1: [ 204.308944][ T9023] kvm: pic: level sensitive irq not supported [ 204.309038][ T9023] kvm: pic: non byte read 05:22:16 executing program 3: [ 204.393264][ T9023] kvm: pic: non byte write [ 204.414618][ T9023] kvm: pic: level sensitive irq not supported [ 204.414717][ T9023] kvm: pic: non byte read [ 204.437335][ T9023] kvm: pic: non byte write [ 204.443278][ T23] audit: type=1800 audit(1574140936.659:35): pid=9030 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=16537 res=0 [ 204.479305][ T9023] kvm: pic: level sensitive irq not supported [ 204.479409][ T9023] kvm: pic: non byte read 05:22:16 executing program 2: [ 204.549919][ T23] audit: type=1800 audit(1574140936.729:36): pid=9022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=16527 res=0 05:22:16 executing program 4: 05:22:16 executing program 0: 05:22:16 executing program 1: 05:22:16 executing program 3: 05:22:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000000)={0x0, 0x2, [@local, @random="1484883fd015"]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:22:16 executing program 2: 05:22:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000000)={0x0, 0x2, [@local, @random="1484883fd015"]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:22:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000000)={0x0, 0x2, [@local, @random="1484883fd015"]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:22:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) lseek(0xffffffffffffffff, 0x0, 0x2) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) pipe2$9p(&(0x7f0000000040), 0x4800) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000000)={0x0, 0x2, [@local, @random="1484883fd015"]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:22:17 executing program 3: ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat(r1, &(0x7f00000000c0)='./file0\x00', 0x8c00, 0x352) dup(r2) r3 = socket(0x10, 0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='stack\x00') sendfile(r3, r4, 0x0, 0x1000000000e6) 05:22:17 executing program 2: connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1c) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x1, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000294}, 0x2, &(0x7f00000004c0)={&(0x7f00000008c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x39d) r2 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x39d) r3 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x39d) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000005c0)=ANY=[], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r4 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_G_MODULATOR(r4, 0xc0445636, &(0x7f0000000100)={0xdfb, "9dc377f2d32c52c59e344bb643b7e7f27752b5fbd28674415bfa9b4b2bc5f511", 0x1000, 0x0, 0x5}) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, [], 0x1e}, 0x2}, 0x1c) getsockopt$IP6T_SO_GET_REVISION_TARGET(r4, 0x29, 0x45, &(0x7f0000000300)={'NETMAP\x00'}, &(0x7f0000000340)=0x1e) socket(0x10, 0x80803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="eb000000000000002900000032000000ff020000000000000000040000000001", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}}], 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.cpu/syz1\'', 0x1ff) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000200)={'gretap0\x00', {0x2, 0x4e23, @multicast2}}) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x0, 0x428402) r5 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40106614, &(0x7f0000000380)) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r6, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r6, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 05:22:17 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000240)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000000), 0x4) write(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) ioctl$VT_RESIZE(r2, 0x5609, &(0x7f0000000240)={0x0, 0x401, 0x1000}) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x62a, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) socket$inet6(0xa, 0x49c68e0740a3058b, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000580)={{{@in=@multicast1, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4e20, 0x0, 0x0, 0x2, 0xa, 0x1b0, 0x80, 0x33, 0x0, r5}, {0x3fde27fc, 0x7fffffff, 0x0, 0x0, 0x5, 0x7, 0x2000000000004, 0x1}, {0x0, 0x3, 0x7ff, 0x5}, 0x0, 0x6e6bb8, 0x6, 0x1, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x10}, 0x4d5, 0x3c}, 0xa, @in6=@mcast1, 0x3503, 0x8476f732d1874694, 0x0, 0xb8, 0x3, 0x4e9}}, 0xe8) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) creat(0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x807f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200}, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r7, 0x4, 0x2000) fchdir(r6) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x0) 05:22:17 executing program 0: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x18000000000002e5, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x40) [ 205.294394][ T9081] kvm: pic: level sensitive irq not supported [ 205.295017][ T9081] kvm: pic: non byte read [ 205.370096][ T9081] kvm: pic: non byte write 05:22:17 executing program 2: connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1c) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x1, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000294}, 0x2, &(0x7f00000004c0)={&(0x7f00000008c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x39d) r2 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x39d) r3 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x39d) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000005c0)=ANY=[], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r4 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_G_MODULATOR(r4, 0xc0445636, &(0x7f0000000100)={0xdfb, "9dc377f2d32c52c59e344bb643b7e7f27752b5fbd28674415bfa9b4b2bc5f511", 0x1000, 0x0, 0x5}) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, [], 0x1e}, 0x2}, 0x1c) getsockopt$IP6T_SO_GET_REVISION_TARGET(r4, 0x29, 0x45, &(0x7f0000000300)={'NETMAP\x00'}, &(0x7f0000000340)=0x1e) socket(0x10, 0x80803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="eb000000000000002900000032000000ff020000000000000000040000000001", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}}], 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.cpu/syz1\'', 0x1ff) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000200)={'gretap0\x00', {0x2, 0x4e23, @multicast2}}) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x0, 0x428402) r5 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40106614, &(0x7f0000000380)) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r6, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r6, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) [ 205.453387][ T9120] BPF:hdr_len not found [ 205.487416][ T9081] kvm: pic: level sensitive irq not supported [ 205.497339][ T9081] kvm: pic: non byte read 05:22:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000000)={0x0, 0x2, [@local, @random="1484883fd015"]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 205.560370][ T9081] kvm: pic: non byte write [ 205.577596][ T9081] kvm: pic: non byte write 05:22:17 executing program 0: connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1c) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x1, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000294}, 0x2, &(0x7f00000004c0)={&(0x7f00000008c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x39d) r2 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x39d) r3 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x39d) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000005c0)=ANY=[], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r4 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_G_MODULATOR(r4, 0xc0445636, &(0x7f0000000100)={0xdfb, "9dc377f2d32c52c59e344bb643b7e7f27752b5fbd28674415bfa9b4b2bc5f511", 0x1000, 0x0, 0x5}) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, [], 0x1e}, 0x2}, 0x1c) getsockopt$IP6T_SO_GET_REVISION_TARGET(r4, 0x29, 0x45, &(0x7f0000000300)={'NETMAP\x00'}, &(0x7f0000000340)=0x1e) socket(0x10, 0x80803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="eb000000000000002900000032000000ff020000000000000000040000000001", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}}], 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.cpu/syz1\'', 0x1ff) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000200)={'gretap0\x00', {0x2, 0x4e23, @multicast2}}) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x0, 0x428402) r5 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40106614, &(0x7f0000000380)) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r6, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r6, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 05:22:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000000)={0x0, 0x2, [@local, @random="1484883fd015"]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:22:18 executing program 2: connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1c) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x1, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000294}, 0x2, &(0x7f00000004c0)={&(0x7f00000008c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x39d) r2 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x39d) r3 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x39d) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000005c0)=ANY=[], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r4 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_G_MODULATOR(r4, 0xc0445636, &(0x7f0000000100)={0xdfb, "9dc377f2d32c52c59e344bb643b7e7f27752b5fbd28674415bfa9b4b2bc5f511", 0x1000, 0x0, 0x5}) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, [], 0x1e}, 0x2}, 0x1c) getsockopt$IP6T_SO_GET_REVISION_TARGET(r4, 0x29, 0x45, &(0x7f0000000300)={'NETMAP\x00'}, &(0x7f0000000340)=0x1e) socket(0x10, 0x80803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="eb000000000000002900000032000000ff020000000000000000040000000001", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}}], 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.cpu/syz1\'', 0x1ff) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000200)={'gretap0\x00', {0x2, 0x4e23, @multicast2}}) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x0, 0x428402) r5 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40106614, &(0x7f0000000380)) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r6, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r6, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) [ 206.667840][ T9100] kvm: pic: single mode not supported [ 311.247895][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 311.255074][ C1] rcu: 1-....: (1 GPs behind) idle=c92/1/0x4000000000000002 softirq=13490/13491 fqs=5241 [ 311.265176][ C1] (t=10500 jiffies g=9325 q=622) [ 311.270216][ C1] NMI backtrace for cpu 1 [ 311.274522][ C1] CPU: 1 PID: 9115 Comm: syz-executor.3 Not tainted 5.4.0-rc7-next-20191115 #0 [ 311.283427][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.293459][ C1] Call Trace: [ 311.296718][ C1] [ 311.299554][ C1] dump_stack+0x197/0x210 [ 311.303899][ C1] nmi_cpu_backtrace.cold+0x70/0xb2 [ 311.309081][ C1] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 311.314689][ C1] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 311.320681][ C1] arch_trigger_cpumask_backtrace+0x14/0x20 [ 311.326585][ C1] rcu_dump_cpu_stacks+0x183/0x1cf [ 311.331673][ C1] ? find_next_bit+0x107/0x130 [ 311.336426][ C1] rcu_sched_clock_irq.cold+0x509/0xc02 [ 311.341950][ C1] ? raise_softirq+0x138/0x340 [ 311.346693][ C1] update_process_times+0x2d/0x70 [ 311.351692][ C1] tick_sched_handle+0xa2/0x190 [ 311.356563][ C1] tick_sched_timer+0x53/0x140 [ 311.361304][ C1] __hrtimer_run_queues+0x364/0xe40 [ 311.366513][ C1] ? tick_sched_do_timer+0x1b0/0x1b0 [ 311.371805][ C1] ? hrtimer_init+0x330/0x330 [ 311.376554][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 311.382279][ C1] ? ktime_get_update_offsets_now+0x2ce/0x430 [ 311.388332][ C1] hrtimer_interrupt+0x314/0x770 [ 311.393258][ C1] smp_apic_timer_interrupt+0x160/0x610 [ 311.398779][ C1] apic_timer_interrupt+0xf/0x20 [ 311.403688][ C1] [ 311.406640][ C1] RIP: 0010:write_comp_data+0x68/0x70 [ 311.411987][ C1] Code: 00 00 4e 8d 14 dd 28 00 00 00 4d 39 d0 72 1b 49 83 c1 01 4a 89 7c 10 e0 4a 89 74 10 e8 4a 89 54 10 f0 4a 89 4c d8 20 4c 89 08 0f 1f 80 00 00 00 00 55 40 0f b6 d6 40 0f b6 f7 31 ff 48 89 e5 [ 311.431566][ C1] RSP: 0018:ffff88805920f840 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 311.440054][ C1] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff817e51f6 [ 311.448027][ C1] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000005 [ 311.456180][ C1] RBP: ffff88805920f848 R08: ffff888059202300 R09: ffffed1012ff1682 [ 311.464139][ C1] R10: ffffed1012ff1681 R11: ffff888097f8b40b R12: ffff888097f8b408 [ 311.472306][ C1] R13: 0000000000000003 R14: ffffed1012ff1681 R15: ffff88805920f918 [ 311.480320][ C1] ? irq_work_sync+0x106/0x1d0 [ 311.485103][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 311.491319][ C1] irq_work_sync+0x106/0x1d0 [ 311.495888][ C1] _free_event+0x89/0x13b0 [ 311.500282][ C1] ? __kasan_check_write+0x14/0x20 [ 311.505483][ C1] ? __mutex_unlock_slowpath+0xf0/0x6a0 [ 311.511035][ C1] ? mark_held_locks+0xa4/0xf0 [ 311.515824][ C1] ? ring_buffer_attach+0x650/0x650 [ 311.520999][ C1] ? wait_for_completion+0x440/0x440 [ 311.526312][ C1] put_event+0x47/0x60 [ 311.530362][ C1] perf_event_release_kernel+0x6d5/0xd70 [ 311.536007][ C1] ? __perf_event_exit_context+0x170/0x170 [ 311.541812][ C1] ? fasync_helper+0x6e/0xb2 [ 311.546380][ C1] perf_release+0x37/0x50 [ 311.550707][ C1] __fput+0x2ff/0x890 [ 311.554679][ C1] ? perf_event_release_kernel+0xd70/0xd70 [ 311.560481][ C1] ____fput+0x16/0x20 [ 311.564444][ C1] task_work_run+0x145/0x1c0 [ 311.569014][ C1] do_exit+0x904/0x2e60 [ 311.573171][ C1] ? mm_update_next_owner+0x640/0x640 [ 311.578524][ C1] ? lock_downgrade+0x920/0x920 [ 311.583350][ C1] ? _raw_spin_unlock_irq+0x23/0x80 [ 311.588537][ C1] ? get_signal+0x392/0x24f0 [ 311.593103][ C1] ? _raw_spin_unlock_irq+0x23/0x80 [ 311.598299][ C1] do_group_exit+0x135/0x360 [ 311.602866][ C1] get_signal+0x47c/0x24f0 [ 311.607262][ C1] ? lock_downgrade+0x920/0x920 [ 311.612092][ C1] do_signal+0x87/0x1700 [ 311.616322][ C1] ? __kasan_check_read+0x11/0x20 [ 311.621417][ C1] ? _copy_to_user+0x118/0x160 [ 311.626158][ C1] ? setup_sigcontext+0x7d0/0x7d0 [ 311.631166][ C1] ? exit_to_usermode_loop+0x43/0x380 [ 311.636514][ C1] ? do_syscall_64+0x676/0x790 [ 311.641254][ C1] ? exit_to_usermode_loop+0x43/0x380 [ 311.646615][ C1] ? lockdep_hardirqs_on+0x421/0x5e0 [ 311.651878][ C1] ? trace_hardirqs_on+0x67/0x240 [ 311.656894][ C1] exit_to_usermode_loop+0x286/0x380 [ 311.662159][ C1] do_syscall_64+0x676/0x790 [ 311.666737][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.672605][ C1] RIP: 0033:0x45a639 [ 311.676508][ C1] Code: Bad RIP value. [ 311.680548][ C1] RSP: 002b:00007f910961fcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 311.688933][ C1] RAX: fffffffffffffe00 RBX: 000000000075c078 RCX: 000000000045a639 [ 311.696890][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c078 [ 311.704843][ C1] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 311.712792][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c07c [ 311.720749][ C1] R13: 00007ffe36e784ff R14: 00007f91096209c0 R15: 000000000075c07c