[ 55.465386][ T26] audit: type=1800 audit(1572969298.721:27): pid=7768 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [ 55.517751][ T26] audit: type=1800 audit(1572969298.721:28): pid=7768 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 56.305687][ T26] audit: type=1800 audit(1572969299.611:29): pid=7768 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 56.325827][ T26] audit: type=1800 audit(1572969299.621:30): pid=7768 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
2019/11/05 15:55:10 fuzzer started 2019/11/05 15:55:12 dialing manager at 10.128.0.105:43787 2019/11/05 15:55:14 syscalls: 2553 2019/11/05 15:55:14 code coverage: enabled 2019/11/05 15:55:14 comparison tracing: enabled 2019/11/05 15:55:14 extra coverage: extra coverage is not supported by the kernel 2019/11/05 15:55:14 setuid sandbox: enabled 2019/11/05 15:55:14 namespace sandbox: enabled 2019/11/05 15:55:14 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/05 15:55:14 fault injection: enabled 2019/11/05 15:55:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/05 15:55:14 net packet injection: enabled 2019/11/05 15:55:14 net device setup: enabled 2019/11/05 15:55:14 concurrency sanitizer: enabled 2019/11/05 15:55:14 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 75.368161][ T7938] KCSAN: could not find function: 'poll_schedule_timeout' 2019/11/05 15:55:21 adding functions to KCSAN blacklist: 'find_next_bit' 'generic_write_end' 'task_dump_owner' 'exit_signals' 'generic_fillattr' 'ext4_has_free_clusters' 'pid_update_inode' 'tcp_add_backlog' 'rcu_gp_fqs_loop' 'do_readlinkat' 'tick_nohz_idle_stop_tick' 'add_timer' 'do_nanosleep' 'blk_mq_dispatch_rq_list' 'pipe_poll' 'vm_area_dup' 'lruvec_lru_size' 'find_get_pages_range_tag' '__hrtimer_run_queues' 'osq_lock' 'echo_char' 'ep_poll' 'rcu_gp_fqs_check_wake' 'tick_sched_do_timer' 'ext4_free_inode' 'run_timer_softirq' 'xas_clear_mark' 'poll_schedule_timeout' 'ext4_nonda_switch' 'generic_permission' 'blk_mq_sched_dispatch_requests' 'mod_timer' 'blk_mq_get_request' 'taskstats_exit' 'ext4_free_inodes_count' 'process_srcu' 'kauditd_thread' 'tomoyo_supervisor' 'pipe_wait' 'dd_has_work' 'n_tty_receive_buf_common' 'ktime_get_seconds' 'ktime_get_real_seconds' 'wbt_done' '__ext4_new_inode' 'fsnotify' 'inet_putpeer' 'atime_needs_update' 'tick_do_update_jiffies64' 'get_task_cred' 'alloc_empty_file' 15:56:12 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 
0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e5c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) read(r0, &(0x7f00000004c0)=""/229, 0xe5) getdents64(r3, 0x0, 0x0) 15:56:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = 
openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) [ 129.265632][ T7942] IPVS: ftp: loaded support on port[0] = 21 [ 129.371026][ T7942] chnl_net:caif_netlink_parms(): no params data found [ 129.442601][ T7942] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.458458][ T7942] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.478419][ T7942] device bridge_slave_0 entered promiscuous mode [ 129.485938][ T7942] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.501370][ T7942] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.510534][ T7942] device bridge_slave_1 entered promiscuous mode [ 129.529164][ T7942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.540917][ T7942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 15:56:12 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r0, 
&(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 129.562320][ T7942] team0: Port device team_slave_0 added [ 129.569480][ T7942] team0: Port device team_slave_1 added [ 129.583318][ T7945] IPVS: ftp: loaded support on port[0] = 21 [ 129.630802][ T7942] device hsr_slave_0 entered promiscuous mode [ 129.699651][ T7942] device hsr_slave_1 entered promiscuous mode [ 129.793894][ T7947] IPVS: ftp: loaded support on port[0] = 21 [ 129.836680][ T7942] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.843773][ T7942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.851177][ T7942] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.858209][ T7942] bridge0: port 1(bridge_slave_0) entered forwarding state 15:56:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) memfd_create(&(0x7f0000000100)='/dev/uinput\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = getpid() process_vm_writev(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/182, 0xb6}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f0000000500)=""/34, 0x20}, {&(0x7f00000002c0)=""/60, 0x3c}, {&(0x7f0000000300)=""/201, 0xc9}], 0x6, &(0x7f0000000940)=[{&(0x7f0000000580)=""/127, 0x7f}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000680)=""/87, 0xac}, {&(0x7f0000000700)=""/117, 0xfffffee0}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000840)=""/220, 0xdc}], 0x7, 
0x0) [ 130.102737][ T7942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.160839][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.189465][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.218766][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.239004][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 130.312556][ T7942] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.343867][ T7945] chnl_net:caif_netlink_parms(): no params data found [ 130.419530][ T2916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.438736][ T2916] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.445811][ T2916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.528972][ T7947] chnl_net:caif_netlink_parms(): no params data found [ 130.534290][ T7977] IPVS: ftp: loaded support on port[0] = 21 [ 130.641068][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 130.659235][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 130.698714][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.705783][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.782581][ T7947] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.818444][ T7947] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.826391][ T7947] device bridge_slave_0 entered promiscuous mode 15:56:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x0, 0x6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 
&(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ca]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 130.869246][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 130.907999][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 130.939474][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.948197][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.999329][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.008129][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.065760][ T7945] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.078453][ T7945] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.118547][ T7945] device bridge_slave_0 entered promiscuous mode [ 131.141442][ T7947] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.178425][ T7947] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.186482][ T7947] device bridge_slave_1 entered promiscuous mode [ 131.233981][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.271725][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.309055][ T7958] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.320774][ T7945] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.327816][ T7945] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.369145][ T7945] device bridge_slave_1 entered promiscuous mode [ 131.384198][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.409035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.450536][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 131.460040][ T7947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.539956][ T7942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.556457][ T7980] IPVS: ftp: loaded support on port[0] = 21 [ 131.569043][ T7945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.579362][ T7947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.622155][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 131.639044][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 15:56:15 executing program 5: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000080)={0x22}) ioctl$IOC_PR_PREEMPT(r0, 0xc05c6104, &(0x7f0000000080)) [ 131.679073][ T7945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.705888][ T7947] team0: Port device team_slave_0 added [ 131.734506][ T7945] team0: Port device team_slave_0 added [ 131.745593][ T7947] team0: Port device team_slave_1 added [ 131.775005][ T7945] team0: Port device team_slave_1 added [ 131.889033][ T7947] device hsr_slave_0 entered promiscuous mode [ 131.918869][ T7947] device hsr_slave_1 entered promiscuous mode [ 131.958396][ T7947] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 131.975183][ T7977] chnl_net:caif_netlink_parms(): no params data found [ 132.030966][ T7945] device hsr_slave_0 entered promiscuous mode [ 132.060858][ T7945] device hsr_slave_1 entered promiscuous mode [ 132.108486][ T7945] debugfs: Directory 'hsr0' with parent '/' already present! [ 132.142603][ T7995] IPVS: ftp: loaded support on port[0] = 21 [ 132.368979][ T7977] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.381659][ T7977] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.429450][ T7977] device bridge_slave_0 entered promiscuous mode [ 132.542366][ T7977] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.561919][ T7977] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.592225][ T7977] device bridge_slave_1 entered promiscuous mode [ 132.726259][ T7980] chnl_net:caif_netlink_parms(): no params data found 15:56:16 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e5c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) read(r0, &(0x7f00000004c0)=""/229, 0xe5) getdents64(r3, 0x0, 0x0) [ 132.809875][ T7977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 132.889813][ T7945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.900116][ T7947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.992577][ T7977] bond0: (slave bond_slave_1): Enslaving as 
an active interface with an up link [ 133.057901][ T7945] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.101115][ T7947] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.114957][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 133.131970][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 133.165658][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 133.203765][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 133.337241][ T7980] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.345531][ T7980] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.392496][ T7980] device bridge_slave_0 entered promiscuous mode 15:56:16 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e5c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) read(r0, &(0x7f00000004c0)=""/229, 0xe5) getdents64(r3, 0x0, 0x0) [ 133.435943][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.468972][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.523966][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.531060][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.629479][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.669132][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): 
bridge_slave_0: link becomes ready [ 133.696579][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.703713][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.762538][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.797821][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.843245][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.850447][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.899146][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 133.939234][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 133.984737][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 134.023421][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 134.063125][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 134.097167][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 134.139370][ T7977] team0: Port device team_slave_0 added [ 134.172181][ T7980] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.214871][ T7980] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.252212][ T7980] device bridge_slave_1 entered promiscuous mode 15:56:17 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e5c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', 
@ANYRESHEX=r2]) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) read(r0, &(0x7f00000004c0)=""/229, 0xe5) getdents64(r3, 0x0, 0x0) [ 134.322399][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 134.338257][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 134.392280][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 134.458733][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 134.467441][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 134.551325][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.558481][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.634932][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 134.684908][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 134.729579][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 134.773033][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 134.817962][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 134.861685][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 134.912615][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 134.955346][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 135.001643][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 135.046609][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 135.097517][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 135.141166][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 135.182395][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 135.224858][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 135.271360][ T7947] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 135.293714][ T7977] team0: Port device 
team_slave_1 added [ 135.313174][ T7945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 135.342140][ T2916] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 135.375773][ T7947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.454991][ T7945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.522603][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 135.538091][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 135.599158][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 135.640860][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 135.688846][ T7995] chnl_net:caif_netlink_parms(): no params data found [ 135.713992][ T7980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.841151][ T7977] device hsr_slave_0 entered promiscuous mode [ 135.867151][ T7977] device hsr_slave_1 entered promiscuous mode [ 135.972014][ T7977] debugfs: Directory 'hsr0' with parent '/' already present! [ 135.985329][ T7980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.140509][ T7995] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.178758][ T7995] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.217725][ T7995] device bridge_slave_0 entered promiscuous mode [ 136.254275][ T7980] team0: Port device team_slave_0 added [ 136.256153][ T8093] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 136.277822][ T7995] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.326555][ C1] hrtimer: interrupt took 38147 ns [ 136.330239][ T7995] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.381412][ T7995] device bridge_slave_1 entered promiscuous mode [ 136.459778][ T7980] team0: Port device team_slave_1 added [ 136.507672][ T7995] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.560298][ T7995] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 15:56:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = 
syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) [ 136.726720][ T7995] team0: Port device team_slave_0 added 15:56:20 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 136.801204][ T7980] device hsr_slave_0 entered promiscuous mode [ 136.848777][ T7980] device hsr_slave_1 entered promiscuous mode [ 136.908536][ T7980] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 136.919174][ T7977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.927504][ T7995] team0: Port device team_slave_1 added [ 137.014698][ T7977] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.093197][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.128849][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 15:56:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 
0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) [ 137.181326][ T7995] device hsr_slave_0 entered promiscuous mode [ 137.216737][ T7995] device hsr_slave_1 entered promiscuous mode [ 137.268511][ T7995] debugfs: Directory 'hsr0' with parent '/' already present! [ 137.395163][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 137.427449][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 15:56:20 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 137.499150][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.506280][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.606800][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 137.682086][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 137.748052][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.755164][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.758528][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 137.768163][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:56:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = 
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) [ 137.838397][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 
137.844308][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 137.890635][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 137.933641][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 138.049673][ T7977] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 138.078393][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 138.084166][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:56:21 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 138.142151][ T7977] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 138.271260][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 138.305878][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 138.381635][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 138.445481][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 138.510557][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 138.594778][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 138.647461][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 138.712395][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 138.781790][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 138.818386][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 138.824188][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 138.865177][ T7977] 8021q: adding VLAN 0 to HW 
filter on device batadv0 [ 138.938390][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 138.944193][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 138.987506][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 139.020593][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 139.063467][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 139.148783][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 139.186945][ T7980] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.333446][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.358868][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.377854][ T7980] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.578627][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 139.587311][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.658886][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.665957][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.789043][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 139.797804][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.908866][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.916021][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.009089][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.018230][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.131916][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.207560][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.261989][ T7995] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.302902][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 140.324370][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.403730][ T17] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.464041][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.543876][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.604536][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.667758][ T7980] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 140.726283][ T7995] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.778950][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.787552][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.839067][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 140.889164][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 140.958934][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 140.966511][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 141.042864][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.078071][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.131301][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.138411][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.220831][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.269111][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.277565][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.284633][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.359096][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 141.368177][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 141.447121][ T7980] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.508509][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.516758][ T45] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.561934][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.591398][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 141.630461][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 141.662821][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 141.701751][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 141.721734][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 141.750349][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 141.784381][ T7995] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 141.807585][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 141.845199][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 141.856722][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 141.881525][ T7995] 8021q: adding VLAN 0 to HW filter on device batadv0 15:56:25 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) memfd_create(&(0x7f0000000100)='/dev/uinput\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = getpid() process_vm_writev(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/182, 0xb6}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f0000000500)=""/34, 0x20}, {&(0x7f00000002c0)=""/60, 0x3c}, {&(0x7f0000000300)=""/201, 0xc9}], 0x6, 
&(0x7f0000000940)=[{&(0x7f0000000580)=""/127, 0x7f}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000680)=""/87, 0xac}, {&(0x7f0000000700)=""/117, 0xfffffee0}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000840)=""/220, 0xdc}], 0x7, 0x0) 15:56:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = 
openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:25 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) 15:56:25 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) 15:56:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x0, 0x6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 
&(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ca]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:56:25 executing program 5: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000080)={0x22}) ioctl$IOC_PR_PREEMPT(r0, 0xc05c6104, &(0x7f0000000080)) [ 142.535084][ T8241] kvm [8236]: vcpu0, guest rIP: 0xcc disabled perfctr wrmsr: 0x187 data 0x1 15:56:25 executing program 5: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000080)={0x22}) ioctl$IOC_PR_PREEMPT(r0, 0xc05c6104, &(0x7f0000000080)) 15:56:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, 
&(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x0, 0x6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ca]}) 
ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:56:26 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) 15:56:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x0, 0x6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ca]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:56:26 executing program 5: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000080)={0x22}) ioctl$IOC_PR_PREEMPT(r0, 0xc05c6104, &(0x7f0000000080)) [ 143.084924][ T8258] kvm [8257]: vcpu0, guest rIP: 0xcc disabled perfctr wrmsr: 0x187 data 0x1 [ 143.211817][ T8263] kvm [8261]: vcpu0, guest rIP: 0xcc disabled perfctr wrmsr: 0x187 data 0x1 15:56:26 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) memfd_create(&(0x7f0000000100)='/dev/uinput\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = getpid() process_vm_writev(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/182, 0xb6}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f0000000500)=""/34, 0x20}, {&(0x7f00000002c0)=""/60, 0x3c}, {&(0x7f0000000300)=""/201, 0xc9}], 0x6, &(0x7f0000000940)=[{&(0x7f0000000580)=""/127, 0x7f}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000680)=""/87, 0xac}, {&(0x7f0000000700)=""/117, 0xfffffee0}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000840)=""/220, 0xdc}], 0x7, 0x0) 15:56:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x0, 0x6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, 
&(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ca]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:56:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 
0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x0, 0x6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ca]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:56:26 executing program 0: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000080)={0x22}) ioctl$IOC_PR_PREEMPT(r0, 0xc05c6104, &(0x7f0000000080)) 15:56:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) memfd_create(&(0x7f0000000100)='/dev/uinput\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = getpid() process_vm_writev(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/182, 0xb6}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f0000000500)=""/34, 0x20}, {&(0x7f00000002c0)=""/60, 0x3c}, {&(0x7f0000000300)=""/201, 0xc9}], 0x6, &(0x7f0000000940)=[{&(0x7f0000000580)=""/127, 0x7f}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000680)=""/87, 0xac}, {&(0x7f0000000700)=""/117, 0xfffffee0}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000840)=""/220, 0xdc}], 0x7, 0x0) [ 143.605460][ T8273] kvm [8272]: vcpu0, guest rIP: 0xcc disabled perfctr wrmsr: 0x187 data 0x1 [ 143.632684][ T8281] kvm [8274]: vcpu0, guest rIP: 0xcc disabled perfctr wrmsr: 0x187 data 0x1 15:56:27 executing program 0: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000080)={0x22}) ioctl$IOC_PR_PREEMPT(r0, 0xc05c6104, 
&(0x7f0000000080)) 15:56:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) 
ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 
0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x0, 0x6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ca]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:56:27 executing program 0: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000080)={0x22}) ioctl$IOC_PR_PREEMPT(r0, 0xc05c6104, &(0x7f0000000080)) [ 144.220474][ T8295] kvm [8293]: vcpu0, guest rIP: 0xcc disabled perfctr wrmsr: 0x187 data 0x1 15:56:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) memfd_create(&(0x7f0000000100)='/dev/uinput\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = getpid() process_vm_writev(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/182, 0xb6}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f0000000500)=""/34, 0x20}, {&(0x7f00000002c0)=""/60, 0x3c}, {&(0x7f0000000300)=""/201, 0xc9}], 0x6, &(0x7f0000000940)=[{&(0x7f0000000580)=""/127, 0x7f}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000680)=""/87, 0xac}, {&(0x7f0000000700)=""/117, 0xfffffee0}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000840)=""/220, 0xdc}], 0x7, 0x0) 15:56:28 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e5c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) read(r0, &(0x7f00000004c0)=""/229, 0xe5) getdents64(r3, 0x0, 0x0) 15:56:28 executing program 2: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e5c"], 0x15) r2 = 
dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) read(r0, &(0x7f00000004c0)=""/229, 0xe5) getdents64(r3, 0x0, 0x0) 15:56:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 
0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) 
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) memfd_create(&(0x7f0000000100)='/dev/uinput\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = getpid() process_vm_writev(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/182, 0xb6}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f0000000500)=""/34, 0x20}, {&(0x7f00000002c0)=""/60, 0x3c}, {&(0x7f0000000300)=""/201, 0xc9}], 0x6, &(0x7f0000000940)=[{&(0x7f0000000580)=""/127, 0x7f}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000680)=""/87, 0xac}, {&(0x7f0000000700)=""/117, 0xfffffee0}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000840)=""/220, 0xdc}], 0x7, 0x0) 15:56:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = 
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)) r4 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r4}) dup(0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r12 = dup(r11) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000001480)={0x0, 0x0, r12}) dup(r9) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000280)={r5}) 15:56:28 executing program 1: 
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e5c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}}}, 0xa0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
read(r0, &(0x7f00000004c0)=""/229, 0xe5)
getdents64(r3, 0x0, 0x0)
[ 145.795788][ T45] ==================================================================
[ 145.803954][ T45] BUG: KCSAN: data-race in p9_poll_workfn / p9_write_work
[ 145.811051][ T45]
[ 145.813393][ T45] write to 0xffff8880b7818294 of 4 bytes by task 7958 on cpu 0:
[ 145.821038][ T45] p9_write_work+0x673/0x6d0
[ 145.825645][ T45] process_one_work+0x3d4/0x890
[ 145.830504][ T45] worker_thread+0xa0/0x800
[ 145.835016][ T45] kthread+0x1d4/0x200
[ 145.839099][ T45] ret_from_fork+0x1f/0x30
[ 145.843501][ T45]
[ 145.845844][ T45] read to 0xffff8880b7818294 of 4 bytes by task 45 on cpu 1:
[ 145.853227][ T45] p9_poll_workfn+0xb9/0x350
[ 145.857830][ T45] process_one_work+0x3d4/0x890
[ 145.862691][ T45] worker_thread+0xa0/0x800
[ 145.867206][ T45] kthread+0x1d4/0x200
[ 145.871280][ T45] ret_from_fork+0x1f/0x30
[ 145.875695][ T45]
[ 145.878029][ T45] Reported by Kernel Concurrency Sanitizer on:
[ 145.884194][ T45] CPU: 1 PID: 45 Comm: kworker/1:1 Not tainted 5.4.0-rc6+ #0
[ 145.891564][ T45] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 145.901637][ T45] Workqueue: events p9_poll_workfn
[ 145.906753][ T45] ==================================================================
[ 145.914821][ T45] Kernel panic - not syncing: panic_on_warn set ...
[ 145.921425][ T45] CPU: 1 PID: 45 Comm: kworker/1:1 Not tainted 5.4.0-rc6+ #0
[ 145.928799][ T45] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 145.938879][ T45] Workqueue: events p9_poll_workfn
[ 145.943995][ T45] Call Trace:
[ 145.947300][ T45] dump_stack+0xf5/0x159
[ 145.951556][ T45] panic+0x210/0x640
[ 145.955466][ T45] ? vprintk_func+0x8d/0x140
[ 145.960077][ T45] kcsan_report.cold+0xc/0xe
[ 145.964690][ T45] kcsan_setup_watchpoint+0x3fe/0x410
[ 145.970079][ T45] __tsan_read4+0x145/0x1f0
[ 145.974602][ T45] p9_poll_workfn+0xb9/0x350
[ 145.979217][ T45] process_one_work+0x3d4/0x890
[ 145.984088][ T45] worker_thread+0xa0/0x800
[ 145.988621][ T45] kthread+0x1d4/0x200
[ 145.992704][ T45] ? rescuer_thread+0x6a0/0x6a0
[ 145.997564][ T45] ? kthread_stop+0x2d0/0x2d0
[ 146.002256][ T45] ret_from_fork+0x1f/0x30
[ 146.007891][ T45] Kernel Offset: disabled
[ 146.012213][ T45] Rebooting in 86400 seconds..