Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts.
2019/12/07 22:19:37 fuzzer started
2019/12/07 22:19:39 dialing manager at 10.128.0.105:38631
2019/12/07 22:19:51 syscalls: 2689
2019/12/07 22:19:51 code coverage: enabled
2019/12/07 22:19:51 comparison tracing: enabled
2019/12/07 22:19:51 extra coverage: extra coverage is not supported by the kernel
2019/12/07 22:19:51 setuid sandbox: enabled
2019/12/07 22:19:51 namespace sandbox: enabled
2019/12/07 22:19:51 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/07 22:19:51 fault injection: enabled
2019/12/07 22:19:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/07 22:19:51 net packet injection: enabled
2019/12/07 22:19:51 net device setup: enabled
2019/12/07 22:19:51 concurrency sanitizer: enabled
2019/12/07 22:19:51 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [   78.105714][ T7646] KCSAN: could not find function: 'poll_schedule_timeout'
2019/12/07 22:19:59 adding functions to KCSAN blacklist: 'taskstats_exit' 'ktime_get_real_seconds' 'page_counter_try_charge' 'blk_mq_sched_dispatch_requests' 'tick_nohz_idle_stop_tick' 'do_exit' 'futex_wait_queue_me' 'blk_stat_add' 'tick_do_update_jiffies64' '__rb_rotate_set_parents' 'xas_find_marked' 'ext4_free_inodes_count' 'echo_char' 'rcu_gp_fqs_check_wake' '__splice_from_pipe' 'poll_schedule_timeout' 'timer_clear_idle' 'blk_mq_get_request' 'do_nanosleep' 'p9_poll_workfn' 'find_next_bit' 'copy_process' 'generic_fillattr' 'ext4_mark_iloc_dirty' 'tick_sched_do_timer' 'ext4_ext_insert_extent' 'pcpu_alloc' 'ext4_has_free_clusters' '__snd_rawmidi_transmit_ack' '__writeback_single_inode' 'generic_write_end' '__find_get_block' 'ext4_free_inode' 'lruvec_lru_size' 'mem_cgroup_select_victim_node' 'shmem_getpage_gfp' 'pipe_poll' '__hrtimer_run_queues' 'ep_insert' 'run_timer_softirq' 'vm_area_dup' 'wbt_done' '__dentry_kill' 'find_get_pages_range_tag' 'ext4_nonda_switch' 'tcp_add_backlog' 'ep_poll' 'list_lru_count_one' 'pid_update_inode' 'add_timer' '__ext4_new_inode' 'evict' 'mod_timer' 'pipe_wait' 'tomoyo_supervisor' 'dd_has_work' 'blk_mq_dispatch_rq_list' 'kauditd_thread' 'audit_log_start' 
22:21:47 executing program 0:
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x100002, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffc1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

22:21:47 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/9, 0x9}}], 0x1, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')
preadv(r3, &(0x7f0000000480), 0x10000000000000f2, 0x0)

[  190.994074][ T7650] IPVS: ftp: loaded support on port[0] = 21
[  191.124263][ T7650] chnl_net:caif_netlink_parms(): no params data found
[  191.169857][ T7650] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.177125][ T7650] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.185503][ T7650] device bridge_slave_0 entered promiscuous mode
[  191.193354][ T7650] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.201155][ T7650] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.209364][ T7650] device bridge_slave_1 entered promiscuous mode
22:21:47 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb, 0x200}, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r5, &(0x7f0000000b80)=ANY=[@ANYBLOB="23024089d3f495ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867b5d9b750d3dc268a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5c756f7fbd75c4f6854c32f7c4625751083a544e2ed52767eee23606179b351dcdce49653758cf9725352da96697fad646eaff8be47e68ced624ccc39405cd27922170b8c56fbd09abe35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fb3aff6fd705ad79e1df4fc120000000000000027e49ba78aafefd775a53607bb3da5afbacb5b33d7005fc65718eacb3be731d415e9abe8a76efd45cc0f2fb23e3a6f80d147317dbc9249000000"], 0x128)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180))

[  191.226987][ T7650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.230131][ T7653] IPVS: ftp: loaded support on port[0] = 21
[  191.237728][ T7650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  191.263409][ T7650] team0: Port device team_slave_0 added
[  191.276535][ T7650] team0: Port device team_slave_1 added
[  191.391020][ T7650] device hsr_slave_0 entered promiscuous mode
22:21:47 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x0)

[  191.449733][ T7650] device hsr_slave_1 entered promiscuous mode
[  191.552021][ T7656] IPVS: ftp: loaded support on port[0] = 21
[  191.626320][ T7650] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.633545][ T7650] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.640838][ T7650] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.647876][ T7650] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.834464][ T7653] chnl_net:caif_netlink_parms(): no params data found
[  191.876850][ T7682] IPVS: ftp: loaded support on port[0] = 21
22:21:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x3800)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xf6)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000240)=""/241)
close(0xffffffffffffffff)
r3 = open(0x0, 0x14103e, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000380))
ioctl$SIOCRSGCAUSE(r3, 0x89e0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
write$smack_current(r3, &(0x7f0000000080), 0x14)
setsockopt$inet6_int(r4, 0x29, 0x43, &(0x7f0000000000)=0x9, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write(r4, &(0x7f00000001c0)='s', 0xffcf)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)

[  192.000484][ T7653] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.007557][ T7653] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.039760][ T7653] device bridge_slave_0 entered promiscuous mode
[  192.095487][ T7653] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.106943][ T7653] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.139607][ T7653] device bridge_slave_1 entered promiscuous mode
[  192.202939][ T7653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  192.279279][ T7654] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.310167][ T7654] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.354361][ T7656] chnl_net:caif_netlink_parms(): no params data found
[  192.395987][ T7653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  192.441565][ T7650] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.483205][ T7653] team0: Port device team_slave_0 added
[  192.519446][ T7687] IPVS: ftp: loaded support on port[0] = 21
[  192.530909][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  192.550931][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  192.571787][ T7650] 8021q: adding VLAN 0 to HW filter on device team0
[  192.595209][ T7653] team0: Port device team_slave_1 added
[  192.613851][ T7656] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.621183][ T7656] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.650868][ T7656] device bridge_slave_0 entered promiscuous mode
[  192.702310][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  192.730905][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  192.759290][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.766412][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.799558][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  192.830928][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  192.859494][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.866603][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
22:21:49 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182)
r1 = memfd_create(&(0x7f0000000740)='\x00\x9aF\aM\xe0~\x1e5\t\xe7@\xe7\x1a\xb3#\x84\xd0g^\xb0\xe0L\xcd\x84/\xbcho\xdeq\xe4\xf5\x85\x18R\xef\xc8\x8bg\x7f~r\xc5\xde\r\x86\\g\xef-\x02\xa4\x94\xd6=+1\xbb\x8a\xde\xec\xfa&\xd6\"\xa9\x8c\xbctJ\v)!\x9c\x98\xa5\x9b\x8f\n\"\xa2h\xf44\xa3K<\xa9\x02\x87\xb6\xef\xcd\xe7\x12\xcf|5\xd3\xd4\r\xd6#1\xa7\xf7\x1a\x00\xb4\x16;\xa2\xab\xc6\xc1\xbd&\xc9\xf7u\xac\x0e\xfdP\xa2\x91\x86\xf9\xc8S/\x94\x93\xd2\fI\x1e\xa4>\xa3\x18\xddc\x95\x9an\nE\xedV\x06\x9cK\x0fO\xf8dV\xee\b\x80\xe8\xcf\x8f\'8\xb0\x03\x99s\xa0f\xb2\xeflgI\xe2\xad\xc0\x90\xff\a\xd75\x18\xdc\x9dva\xa1\xfc\xb9\xfe\xf2\xfcB\xfe\xb7\x06\x0eN\x13\xce\xfaQ\xf1\x9b\x15\xd0/sx\x97K2hz\x92~\xdd5$\x02\x12\xd5\xa6I>k\xa4\xb7\xaa\x95\a\x1f\x1f\xafd\xfd\xc2X>\bp&\xa6`3\"\x1fa\xdd*\x92d-C\x9cwJ\xbcE\xe8\xdf\x15\x01\x9b\xa1^f\xfb6\b\xd3\f.4\xa5\x17\x89\n\xb5\xb4\x7f\x97\xebnJB?\xdb\x9d\xe90k\xa9\xe7_[S\x9e\xbf\xf5~\xc6\xf6\xc8G+N\x1f\x1a\xb9<\xcaB^\xd2\x97\xf8\x0ej>p99-\x04\x9e(\x9b\xf3@yJj=\xde\xce\xa2', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, 0x0, 0x24000000)
close(r0)

[  192.919330][ T7656] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.926400][ T7656] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.959514][ T7656] device bridge_slave_1 entered promiscuous mode
[  193.054994][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  193.152489][ T7653] device hsr_slave_0 entered promiscuous mode
[  193.189210][ T7653] device hsr_slave_1 entered promiscuous mode
[  193.208980][ T7653] debugfs: Directory 'hsr0' with parent '/' already present!
[  193.223572][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  193.235026][ T7682] chnl_net:caif_netlink_parms(): no params data found
[  193.255217][ T7700] IPVS: ftp: loaded support on port[0] = 21
[  193.267568][ T7656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  193.285489][ T7656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  193.324620][ T7682] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.335902][ T7682] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.347672][ T7682] device bridge_slave_0 entered promiscuous mode
[  193.392343][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  193.401221][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  193.414086][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  193.438172][ T7650] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  193.468895][ T7650] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  193.513092][ T7682] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.521344][ T7682] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.539398][ T7682] device bridge_slave_1 entered promiscuous mode
[  193.549421][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  193.577605][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  193.601802][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  193.618614][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  193.641800][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  193.661321][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  193.682413][ T7656] team0: Port device team_slave_0 added
[  193.725718][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  193.767176][ T7656] team0: Port device team_slave_1 added
[  193.802725][ T7682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  193.873236][ T7650] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.914494][ T7687] chnl_net:caif_netlink_parms(): no params data found
[  193.932130][ T7682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  193.967073][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  193.980817][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  194.032294][ T7653] 8021q: adding VLAN 0 to HW filter on device bond0
[  194.113004][ T7656] device hsr_slave_0 entered promiscuous mode
[  194.171219][ T7656] device hsr_slave_1 entered promiscuous mode
[  194.211132][ T7656] debugfs: Directory 'hsr0' with parent '/' already present!
[  194.233796][ T7653] 8021q: adding VLAN 0 to HW filter on device team0
[  194.263495][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  194.281992][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  194.315781][ T7700] chnl_net:caif_netlink_parms(): no params data found
[  194.390160][ T7682] team0: Port device team_slave_0 added
[  194.422565][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  194.452104][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  194.482130][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.489259][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state
[  194.563455][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  194.601905][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  194.641849][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.648963][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state
[  194.735122][ T7682] team0: Port device team_slave_1 added
[  194.784936][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  194.798430][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  194.842593][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  194.885138][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  194.919624][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  194.939030][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  194.947858][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  194.989727][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  195.009593][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  195.066273][ T7653] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  195.077930][ T7653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  195.102322][ T7687] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.109985][ T7687] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.128912][ T7687] device bridge_slave_0 entered promiscuous mode
[  195.178230][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  195.204444][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  195.242343][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  195.265926][ T7700] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.277301][ T7700] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.295880][ T7700] device bridge_slave_0 entered promiscuous mode
[  195.326744][ T7653] 8021q: adding VLAN 0 to HW filter on device batadv0
22:21:51 executing program 0:
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x100002, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffc1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[  195.348664][ T7687] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.359337][ T7687] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.408654][ T7687] device bridge_slave_1 entered promiscuous mode
[  195.504443][ T7682] device hsr_slave_0 entered promiscuous mode
22:21:52 executing program 0:
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x100002, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffc1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[  195.579155][ T7682] device hsr_slave_1 entered promiscuous mode
[  195.618847][ T7682] debugfs: Directory 'hsr0' with parent '/' already present!
[  195.662935][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  195.689157][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  195.696631][ T7700] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.707323][ T7700] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.744905][ T7700] device bridge_slave_1 entered promiscuous mode
22:21:52 executing program 0:
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x100002, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffc1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[  195.854503][ T7687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  195.928795][ T7700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.015007][ T7700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.064884][ T7687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.126087][ T7656] 8021q: adding VLAN 0 to HW filter on device bond0
22:21:52 executing program 0:
r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
r1 = gettid()
fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1})
fcntl$setlease(r0, 0x400, 0x0)
r2 = socket(0x10, 0x3, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
sendfile(r2, r3, 0x0, 0x1020000000e6)

[  196.175431][ T7687] team0: Port device team_slave_0 added
[  196.252731][ T7700] team0: Port device team_slave_0 added
[  196.276426][ T7700] team0: Port device team_slave_1 added
[  196.329919][ T7687] team0: Port device team_slave_1 added
[  196.338776][ T7656] 8021q: adding VLAN 0 to HW filter on device team0
[  196.367926][ T7682] 8021q: adding VLAN 0 to HW filter on device bond0
[  196.402092][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  196.429789][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  196.533721][ T7682] 8021q: adding VLAN 0 to HW filter on device team0
[  196.557632][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  196.576384][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  196.670516][ T7688] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.677608][ T7688] bridge0: port 1(bridge_slave_0) entered forwarding state
22:21:53 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/9, 0x9}}], 0x1, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')
preadv(r3, &(0x7f0000000480), 0x10000000000000f2, 0x0)

[  196.803954][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  196.841890][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  196.868201][ T7688] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.875352][ T7688] bridge0: port 2(bridge_slave_1) entered forwarding state
[  196.944096][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  196.976054][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  197.008388][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  197.052868][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  197.089748][   T26] audit: type=1804 audit(1575757313.600:31): pid=7802 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir296317596/syzkaller.QYhnfs/4/file0" dev="sda1" ino=16519 res=1
22:21:53 executing program 0:
r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
r1 = gettid()
fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1})
fcntl$setlease(r0, 0x400, 0x0)
r2 = socket(0x10, 0x3, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
sendfile(r2, r3, 0x0, 0x1020000000e6)

[  197.180794][ T7700] device hsr_slave_0 entered promiscuous mode
[  197.199139][ T7700] device hsr_slave_1 entered promiscuous mode
[  197.239084][   T26] audit: type=1804 audit(1575757313.600:32): pid=7802 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir296317596/syzkaller.QYhnfs/4/file0" dev="sda1" ino=16519 res=1
[  197.278893][ T7700] debugfs: Directory 'hsr0' with parent '/' already present!
[  197.296631][ T7656] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  197.341161][ T7656] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  197.454713][ T7687] device hsr_slave_0 entered promiscuous mode
22:21:54 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/9, 0x9}}], 0x1, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')
preadv(r3, &(0x7f0000000480), 0x10000000000000f2, 0x0)

[  197.499131][ T7687] device hsr_slave_1 entered promiscuous mode
[  197.552536][ T7687] debugfs: Directory 'hsr0' with parent '/' already present!
[  197.563956][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  197.577471][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  197.605937][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  197.619872][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  197.633709][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  197.645125][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  197.664664][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  197.677211][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  197.685973][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  197.698043][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  197.707065][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  197.718703][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.725891][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state
[  197.767032][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  197.788233][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  197.809915][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.817027][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state
[  197.847040][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  197.873288][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  197.910181][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  197.969845][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  198.035456][ T7656] 8021q: adding VLAN 0 to HW filter on device batadv0
[  198.077858][ T7682] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  198.128705][ T7682] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  198.208999][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  198.217071][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  198.301370][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  198.335575][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
22:21:54 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/9, 0x9}}], 0x1, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')
preadv(r3, &(0x7f0000000480), 0x10000000000000f2, 0x0)

[  198.352685][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  198.391912][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  198.415905][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  198.445572][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  198.466423][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  198.536091][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  198.575691][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  198.622075][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  198.689788][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  198.748538][ T7682] 8021q: adding VLAN 0 to HW filter on device batadv0
[  198.819326][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  198.826843][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  199.093148][ T7700] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.127266][ T7687] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.196130][ T7700] 8021q: adding VLAN 0 to HW filter on device team0
[  199.317311][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  199.359410][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  199.367134][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  199.456250][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  199.547613][    C0] hrtimer: interrupt took 37813 ns
[  199.576804][ T7687] 8021q: adding VLAN 0 to HW filter on device team0
[  199.648941][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  199.676531][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  199.723279][ T7689] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.730504][ T7689] bridge0: port 1(bridge_slave_0) entered forwarding state
[  199.815633][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  199.871741][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  199.909729][ T7689] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.917251][ T7689] bridge0: port 2(bridge_slave_1) entered forwarding state
[  199.964750][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  200.003471][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  200.036043][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  200.067371][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  200.150385][ T7700] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  200.178309][ T7700] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  200.266200][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  200.275549][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  200.313177][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  200.333826][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  200.349508][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.356579][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state
[  200.401925][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  200.422222][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  200.449858][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  200.470464][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  200.501858][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.508957][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state
[  200.542040][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  200.562390][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  200.589908][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  200.630112][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  200.669380][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  200.689331][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  200.717151][ T7687] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  200.759293][ T7687] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  200.788050][ T7700] 8021q: adding VLAN 0 to HW filter on device batadv0
[  200.811384][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  200.820845][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  200.851977][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  200.871243][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  200.900577][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  200.920687][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  200.940351][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
22:21:57 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb, 0x200}, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r5, &(0x7f0000000b80)=ANY=[@ANYBLOB="23024089d3f495ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867b5d9b750d3dc268a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5c756f7fbd75c4f6854c32f7c4625751083a544e2ed52767eee23606179b351dcdce49653758cf9725352da96697fad646eaff8be47e68ced624ccc39405cd27922170b8c56fbd09abe35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fb3aff6fd705ad79e1df4fc120000000000000027e49ba78aafefd775a53607bb3da5afbacb5b33d7005fc65718eacb3be731d415e9abe8a76efd45cc0f2fb23e3a6f80d147317dbc9249000000"], 0x128)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180))

22:21:57 executing program 0:
r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
r1 = gettid()
fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1})
fcntl$setlease(r0, 0x400, 0x0)
r2 = socket(0x10, 0x3, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
sendfile(r2, r3, 0x0, 0x1020000000e6)

[  200.960198][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  200.982965][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  201.028063][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  201.054877][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  201.075834][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  201.111976][ T7687] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.146785][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  201.162987][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  201.276626][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  201.311363][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  201.580402][ T7962] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
22:21:58 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x0)

22:21:58 executing program 1:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:21:58 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb, 0x200}, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r5, &(0x7f0000000b80)=ANY=[@ANYBLOB="23024089d3f495ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867b5d9b750d3dc268a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5c756f7fbd75c4f6854c32f7c4625751083a544e2ed52767eee23606179b351dcdce49653758cf9725352da96697fad646eaff8be47e68ced624ccc39405cd27922170b8c56fbd09abe35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fb3aff6fd705ad79e1df4fc120000000000000027e49ba78aafefd775a53607bb3da5afbacb5b33d7005fc65718eacb3be731d415e9abe8a76efd45cc0f2fb23e3a6f80d147317dbc9249000000"], 0x128)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180))

22:21:58 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb, 0x200}, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r5, &(0x7f0000000b80)=ANY=[@ANYBLOB="23024089d3f495ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867b5d9b750d3dc268a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5c756f7fbd75c4f6854c32f7c4625751083a544e2ed52767eee23606179b351dcdce49653758cf9725352da96697fad646eaff8be47e68ced624ccc39405cd27922170b8c56fbd09abe35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fb3aff6fd705ad79e1df4fc120000000000000027e49ba78aafefd775a53607bb3da5afbacb5b33d7005fc65718eacb3be731d415e9abe8a76efd45cc0f2fb23e3a6f80d147317dbc9249000000"], 0x128)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180))

22:21:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x3800)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xf6)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000240)=""/241)
close(0xffffffffffffffff)
r3 = open(0x0, 0x14103e, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000380))
ioctl$SIOCRSGCAUSE(r3, 0x89e0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
write$smack_current(r3, &(0x7f0000000080), 0x14)
setsockopt$inet6_int(r4, 0x29, 0x43, &(0x7f0000000000)=0x9, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write(r4, &(0x7f00000001c0)='s', 0xffcf)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)

22:21:58 executing program 0:
r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
r1 = gettid()
fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1})
fcntl$setlease(r0, 0x400, 0x0)
r2 = socket(0x10, 0x3, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
sendfile(r2, r3, 0x0, 0x1020000000e6)

22:21:58 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x0)

[  202.325666][   T26] audit: type=1804 audit(1575757318.830:33): pid=7990 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir092899765/syzkaller.yLgltH/4/memory.events" dev="sda1" ino=16551 res=1
[  202.617146][   T26] audit: type=1804 audit(1575757319.120:34): pid=7990 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir092899765/syzkaller.yLgltH/4/memory.events" dev="sda1" ino=16551 res=1
22:21:59 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x0)

22:21:59 executing program 1:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:21:59 executing program 3:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

[  202.892419][   T26] audit: type=1804 audit(1575757319.400:35): pid=8016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir092899765/syzkaller.yLgltH/5/memory.events" dev="sda1" ino=16558 res=1
22:21:59 executing program 1:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

[  203.057798][   T26] audit: type=1804 audit(1575757319.560:36): pid=8020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir098212947/syzkaller.k3K809/4/memory.events" dev="sda1" ino=16559 res=1
22:21:59 executing program 0:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:21:59 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb, 0x200}, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r5, &(0x7f0000000b80)=ANY=[@ANYBLOB="23024089d3f495ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867b5d9b750d3dc268a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5c756f7fbd75c4f6854c32f7c4625751083a544e2ed52767eee23606179b351dcdce49653758cf9725352da96697fad646eaff8be47e68ced624ccc39405cd27922170b8c56fbd09abe35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fb3aff6fd705ad79e1df4fc120000000000000027e49ba78aafefd775a53607bb3da5afbacb5b33d7005fc65718eacb3be731d415e9abe8a76efd45cc0f2fb23e3a6f80d147317dbc9249000000"], 0x128)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180))

22:21:59 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb, 0x200}, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r5, &(0x7f0000000b80)=ANY=[@ANYBLOB="23024089d3f495ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867b5d9b750d3dc268a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5c756f7fbd75c4f6854c32f7c4625751083a544e2ed52767eee23606179b351dcdce49653758cf9725352da96697fad646eaff8be47e68ced624ccc39405cd27922170b8c56fbd09abe35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fb3aff6fd705ad79e1df4fc120000000000000027e49ba78aafefd775a53607bb3da5afbacb5b33d7005fc65718eacb3be731d415e9abe8a76efd45cc0f2fb23e3a6f80d147317dbc9249000000"], 0x128)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180))

[  203.188281][   T26] audit: type=1804 audit(1575757319.600:37): pid=7989 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir296317596/syzkaller.QYhnfs/7/file0" dev="sda1" ino=16550 res=1
[  203.347650][   T26] audit: type=1804 audit(1575757319.780:38): pid=8024 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir092899765/syzkaller.yLgltH/6/memory.events" dev="sda1" ino=16539 res=1
22:21:59 executing program 3:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:22:00 executing program 2:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:22:00 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x3800)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xf6)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000240)=""/241)
close(0xffffffffffffffff)
r3 = open(0x0, 0x14103e, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000380))
ioctl$SIOCRSGCAUSE(r3, 0x89e0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
write$smack_current(r3, &(0x7f0000000080), 0x14)
setsockopt$inet6_int(r4, 0x29, 0x43, &(0x7f0000000000)=0x9, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write(r4, &(0x7f00000001c0)='s', 0xffcf)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)

22:22:00 executing program 1:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:22:00 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb, 0x200}, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r5, &(0x7f0000000b80)=ANY=[@ANYBLOB="23024089d3f495ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867b5d9b750d3dc268a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5c756f7fbd75c4f6854c32f7c4625751083a544e2ed52767eee23606179b351dcdce49653758cf9725352da96697fad646eaff8be47e68ced624ccc39405cd27922170b8c56fbd09abe35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fb3aff6fd705ad79e1df4fc120000000000000027e49ba78aafefd775a53607bb3da5afbacb5b33d7005fc65718eacb3be731d415e9abe8a76efd45cc0f2fb23e3a6f80d147317dbc9249000000"], 0x128)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180))

22:22:00 executing program 0:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

[  203.835731][   T26] audit: type=1804 audit(1575757320.340:39): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir858790722/syzkaller.kgp9N3/4/memory.events" dev="sda1" ino=16544 res=1
[  203.994852][   T26] audit: type=1804 audit(1575757320.430:40): pid=8056 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir098212947/syzkaller.k3K809/5/memory.events" dev="sda1" ino=16560 res=1
22:22:00 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x3800)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xf6)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000240)=""/241)
close(0xffffffffffffffff)
r3 = open(0x0, 0x14103e, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000380))
ioctl$SIOCRSGCAUSE(r3, 0x89e0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
write$smack_current(r3, &(0x7f0000000080), 0x14)
setsockopt$inet6_int(r4, 0x29, 0x43, &(0x7f0000000000)=0x9, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write(r4, &(0x7f00000001c0)='s', 0xffcf)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)

[  204.143667][   T26] audit: type=1804 audit(1575757320.480:41): pid=8068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir296317596/syzkaller.QYhnfs/9/memory.events" dev="sda1" ino=16565 res=1
22:22:00 executing program 2:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:22:00 executing program 3:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

[  204.195483][   T26] audit: type=1804 audit(1575757320.500:42): pid=8058 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir092899765/syzkaller.yLgltH/7/memory.events" dev="sda1" ino=16562 res=1
22:22:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x3800)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xf6)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000240)=""/241)
close(0xffffffffffffffff)
r3 = open(0x0, 0x14103e, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000380))
ioctl$SIOCRSGCAUSE(r3, 0x89e0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
write$smack_current(r3, &(0x7f0000000080), 0x14)
setsockopt$inet6_int(r4, 0x29, 0x43, &(0x7f0000000000)=0x9, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write(r4, &(0x7f00000001c0)='s', 0xffcf)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)

22:22:00 executing program 0:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:22:00 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x3800)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xf6)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000240)=""/241)
close(0xffffffffffffffff)
r3 = open(0x0, 0x14103e, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000380))
ioctl$SIOCRSGCAUSE(r3, 0x89e0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
write$smack_current(r3, &(0x7f0000000080), 0x14)
setsockopt$inet6_int(r4, 0x29, 0x43, &(0x7f0000000000)=0x9, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write(r4, &(0x7f00000001c0)='s', 0xffcf)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)

22:22:01 executing program 2:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
gettid()
sendmsg(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r2, r3, 0xf, 0x1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(r4, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x401, 0x8001, 0x0, 0x5, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x200}, 0x4280, 0x0, 0x0, 0xb, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)

22:22:01 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x3800)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xf6)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000240)=""/241)
close(0xffffffffffffffff)
r3 = open(0x0, 0x14103e, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000380))
ioctl$SIOCRSGCAUSE(r3, 0x89e0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
write$smack_current(r3, &(0x7f0000000080), 0x14)
setsockopt$inet6_int(r4, 0x29, 0x43, &(0x7f0000000000)=0x9, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write(r4, &(0x7f00000001c0)='s', 0xffcf)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)

22:22:01 executing program 0:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb, 0x200}, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r5, &(0x7f0000000b80)=ANY=[@ANYBLOB="23024089d3f495ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867b5d9b750d3dc268a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5c756f7fbd75c4f6854c32f7c4625751083a544e2ed52767eee23606179b351dcdce49653758cf9725352da96697fad646eaff8be47e68ced624ccc39405cd27922170b8c56fbd09abe35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fb3aff6fd705ad79e1df4fc120000000000000027e49ba78aafefd775a53607bb3da5afbacb5b33d7005fc65718eacb3be731d415e9abe8a76efd45cc0f2fb23e3a6f80d147317dbc9249000000"], 0x128)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000180))

[  205.363850][ T8088] ==================================================================
[  205.372009][ T8088] BUG: KCSAN: data-race in __perf_event_overflow / fasync_remove_entry
[  205.380235][ T8088] 
[  205.382560][ T8088] read to 0xffff888119ea52f8 of 8 bytes by interrupt on cpu 1:
[  205.390112][ T8088]  __perf_event_overflow+0x11d/0x200
[  205.395419][ T8088]  perf_swevent_hrtimer+0x261/0x280
[  205.400622][ T8088]  __hrtimer_run_queues+0x274/0x5f0
[  205.405852][ T8088]  hrtimer_interrupt+0x22a/0x480
[  205.410794][ T8088]  smp_apic_timer_interrupt+0xdc/0x280
[  205.416254][ T8088]  apic_timer_interrupt+0xf/0x20
[  205.421316][ T8088]  ipv4_mtu+0x212/0x250
[  205.425480][ T8088]  sctp_transport_pmtu+0xc3/0x260
[  205.430513][ T8088]  sctp_transport_route+0xfe/0x1e0
[  205.435633][ T8088]  sctp_assoc_add_peer+0x322/0x7f0
[  205.440751][ T8088]  sctp_process_init+0xc10/0x1620
[  205.445782][ T8088]  sctp_sf_do_unexpected_init.isra.0+0x549/0xa70
[  205.452118][ T8088]  sctp_sf_do_5_2_1_siminit+0x3e/0x60
[  205.457497][ T8088]  sctp_do_sm+0xc2/0x2ef0
[  205.461830][ T8088]  sctp_assoc_bh_rcv+0x291/0x3e0
[  205.466767][ T8088]  sctp_inq_push+0x107/0x1a0
[  205.471354][ T8088]  sctp_backlog_rcv+0x112/0x7a0
[  205.476207][ T8088]  __release_sock+0x135/0x1e0
[  205.480878][ T8088]  release_sock+0x61/0x160
[  205.485325][ T8088]  sctp_wait_for_connect+0x21c/0x330
[  205.490610][ T8088]  __sctp_connect+0x5af/0x670
[  205.495284][ T8088]  sctp_inet_connect+0xd7/0x120
[  205.500132][ T8088]  __sys_connect+0x1e9/0x250
[  205.504718][ T8088]  __x64_sys_connect+0x4c/0x60
[  205.509492][ T8088]  do_syscall_64+0xcc/0x370
[  205.513997][ T8088]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  205.519877][ T8088] 
[  205.522209][ T8088] write to 0xffff888119ea52f8 of 8 bytes by task 8088 on cpu 0:
[  205.529837][ T8088]  fasync_remove_entry+0xba/0x120
[  205.534860][ T8088]  fasync_helper+0xcf/0xdc
[  205.539279][ T8088]  perf_fasync+0x6c/0xa0
[  205.543522][ T8088]  __fput+0x46a/0x520
[  205.547501][ T8088]  ____fput+0x1f/0x30
[  205.551485][ T8088]  task_work_run+0xf6/0x130
[  205.555995][ T8088]  exit_to_usermode_loop+0x2b4/0x2c0
[  205.561279][ T8088]  do_syscall_64+0x353/0x370
[  205.565870][ T8088]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  205.571758][ T8088] 
[  205.574079][ T8088] Reported by Kernel Concurrency Sanitizer on:
[  205.580320][ T8088] CPU: 0 PID: 8088 Comm: syz-executor.4 Not tainted 5.4.0-syzkaller #0
[  205.588568][ T8088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  205.598621][ T8088] ==================================================================
[  205.606681][ T8088] Kernel panic - not syncing: panic_on_warn set ...
[  205.613365][ T8088] CPU: 0 PID: 8088 Comm: syz-executor.4 Not tainted 5.4.0-syzkaller #0
[  205.622027][ T8088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  205.632076][ T8088] Call Trace:
[  205.635377][ T8088]  dump_stack+0x11d/0x181
[  205.639709][ T8088]  panic+0x210/0x640
[  205.643614][ T8088]  ? vprintk_func+0x8d/0x140
[  205.648224][ T8088]  kcsan_report.cold+0xc/0xd
[  205.652840][ T8088]  kcsan_setup_watchpoint+0x3fe/0x460
[  205.658310][ T8088]  __tsan_unaligned_write8+0xc4/0x100
[  205.663681][ T8088]  fasync_remove_entry+0xba/0x120
[  205.668708][ T8088]  fasync_helper+0xcf/0xdc
[  205.673158][ T8088]  perf_fasync+0x6c/0xa0
[  205.677418][ T8088]  __fput+0x46a/0x520
[  205.681403][ T8088]  ? __perf_event_init_context+0x1b0/0x1b0
[  205.687223][ T8088]  ____fput+0x1f/0x30
[  205.691227][ T8088]  task_work_run+0xf6/0x130
[  205.695745][ T8088]  exit_to_usermode_loop+0x2b4/0x2c0
[  205.701040][ T8088]  do_syscall_64+0x353/0x370
[  205.705645][ T8088]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  205.711540][ T8088] RIP: 0033:0x414291
[  205.715612][ T8088] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  205.735329][ T8088] RSP: 002b:00007ffdf7b13260 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  205.743745][ T8088] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000414291
[  205.751780][ T8088] RDX: 0000000000000000 RSI: ffffffff844ea93d RDI: 0000000000000005
[  205.759753][ T8088] RBP: 0000000000000001 R08: ffffffff816ba2d0 R09: 0000000091d441c9
[  205.767728][ T8088] R10: 00007ffdf7b13340 R11: 0000000000000293 R12: 000000000075c9a0
[  205.775725][ T8088] R13: 000000000075c9a0 R14: 00000000007616c8 R15: 000000000075c07c
[  205.783738][ T8088]  ? __vfs_write+0xa0/0xc0
[  205.788165][ T8088]  ? sctp_sendmsg+0x123d/0x14e0
[  205.794532][ T8088] Kernel Offset: disabled
[  205.798864][ T8088] Rebooting in 86400 seconds..