0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) add_key(&(0x7f00000001c0)='trusted\x00', &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9) preadv(0xffffffffffffffff, 0x0, 0xfffffffffffffef4, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) r1 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000240)) r3 = socket(0x2, 0x0, 0x0) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x0, 0x0, 0x0) fallocate(r4, 0x0, 0x0, 0x9) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000821ff0)={0x2, 0x4e20}, 0x10) ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000080)) dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000280)={0x20, 0x0, 0x0, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x10000048}, 0x0) [ 507.881250][T14830] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:56:44 executing program 3: r0 = socket(0x10, 0x803, 0x0) process_vm_writev(0x0, 0x0, 0x5, &(0x7f0000000780)=[{&(0x7f00000028c0)=""/224, 0xe0}], 0x1, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000d00)=""/226, 0xe2}], 0x1, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/251, 0xfb}], 0x1, 0x0) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001fc0)={0x1cc, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x44, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_BEARER={0x110, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'caif0\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @rand_addr="a6e53038e701b5ba95e0921902d32fc5"}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_MEDIA={0x38, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_NAME={0x8, 0x1, @l2={'ib', 0x3a, '\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_BEARER={0x10, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x1cc}}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) [ 507.987143][T14830] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 508.088157][T14830] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:56:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:45 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 508.208205][ C1] net_ratelimit: 20 callbacks suppressed [ 508.208230][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 508.219971][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 508.226285][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 508.232351][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:56:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:45 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 508.715565][T14865] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 508.765361][T14865] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. [ 508.912423][T14878] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 508.923406][T14878] CPU: 1 PID: 14878 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 508.931299][T14878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.941343][T14878] Call Trace: [ 508.944638][T14878] dump_stack+0x11d/0x181 [ 508.949011][T14878] dump_header+0xaa/0x449 [ 508.953468][T14878] oom_kill_process.cold+0x10/0x15 [ 508.958643][T14878] out_of_memory+0x231/0xa00 [ 508.963273][T14878] mem_cgroup_out_of_memory+0x128/0x150 [ 508.968864][T14878] try_charge+0xb5c/0xbe0 [ 508.973273][T14878] mem_cgroup_try_charge+0xd2/0x260 [ 508.978469][T14878] mem_cgroup_try_charge_delay+0x3a/0x80 [ 508.984121][T14878] wp_page_copy+0x322/0x1120 [ 508.988713][T14878] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 508.994466][T14878] do_wp_page+0x192/0x11f0 [ 508.998874][T14878] ? __udelay+0x10/0x20 [ 509.003200][T14878] __handle_mm_fault+0x1ab1/0x2c70 [ 509.008741][T14878] ? delay_tsc+0x8f/0xc0 [ 509.012987][T14878] handle_mm_fault+0x21b/0x530 [ 509.017749][T14878] __do_page_fault+0x456/0x8d0 [ 509.022511][T14878] ? cgroup_rstat_updated+0xbe/0x1e0 [ 509.027791][T14878] do_page_fault+0x38/0x194 [ 509.032389][T14878] page_fault+0x34/0x40 [ 509.036536][T14878] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 509.043158][T14878] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 509.062754][T14878] RSP: 0018:ffffc90003993bc0 EFLAGS: 00010206 [ 509.068828][T14878] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 509.076805][T14878] RDX: 0000000000001000 RSI: ffff888124bd3b00 RDI: 0000000020f9c000 [ 509.084947][T14878] RBP: ffffc90003993bf8 R08: ffff88809e268080 R09: 000088809e268b98 [ 509.092907][T14878] R10: 0000000000000000 R11: 000088809e268b9f R12: 0000000020f9b500 [ 509.100868][T14878] R13: 0000000020f9c500 R14: 0000000000000000 R15: 00007ffffffff000 [ 509.108951][T14878] ? copyout+0xa5/0xb0 [ 509.113085][T14878] copy_page_to_iter+0x254/0x8b0 [ 509.118039][T14878] pipe_to_user+0x71/0xc0 [ 509.122368][T14878] __splice_from_pipe+0x248/0x480 [ 509.127386][T14878] ? iter_to_pipe+0x3f0/0x3f0 [ 509.132062][T14878] do_vmsplice.part.0+0x1c5/0x210 [ 509.138298][T14878] __do_sys_vmsplice+0x15f/0x1c0 [ 509.143238][T14878] ? __read_once_size+0x5a/0xe0 [ 509.148141][T14878] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 509.153916][T14878] ? _copy_to_user+0x84/0xb0 [ 509.158502][T14878] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 509.164907][T14878] ? put_timespec64+0x94/0xc0 [ 509.169624][T14878] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 509.175939][T14878] __x64_sys_vmsplice+0x5e/0x80 [ 509.180791][T14878] do_syscall_64+0xcc/0x370 [ 509.185296][T14878] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.191251][T14878] RIP: 0033:0x45a639 [ 509.195227][T14878] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 509.214822][T14878] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 509.223416][T14878] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 509.231376][T14878] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 509.240233][T14878] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 509.248195][T14878] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 11:56:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xa00) [ 509.256367][T14878] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 509.264507][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 509.270299][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 509.276684][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 509.282477][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 509.288255][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 509.293986][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 509.299792][T14878] memory: usage 307200kB, limit 307200kB, failcnt 26127 [ 509.306730][T14878] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 11:56:46 executing program 3: r0 = socket(0x10, 0x803, 0x0) process_vm_writev(0x0, 0x0, 0x5, &(0x7f0000000780)=[{&(0x7f00000028c0)=""/224, 0xe0}], 0x1, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000d00)=""/226, 0xe2}], 0x1, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/251, 0xfb}], 0x1, 0x0) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001fc0)={0x1cc, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x44, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_BEARER={0x110, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'caif0\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @rand_addr="a6e53038e701b5ba95e0921902d32fc5"}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_MEDIA={0x38, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_NAME={0x8, 0x1, @l2={'ib', 0x3a, '\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_BEARER={0x10, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x1cc}}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) [ 509.313735][T14878] Memory cgroup stats for /syz5: [ 509.313938][T14878] anon 300429312 [ 509.313938][T14878] file 98304 [ 509.313938][T14878] kernel_stack 1179648 [ 509.313938][T14878] slab 2854912 [ 509.313938][T14878] sock 0 [ 509.313938][T14878] shmem 0 [ 509.313938][T14878] file_mapped 0 [ 509.313938][T14878] file_dirty 0 [ 509.313938][T14878] file_writeback 0 [ 509.313938][T14878] anon_thp 283115520 [ 509.313938][T14878] inactive_anon 0 [ 509.313938][T14878] active_anon 300429312 [ 509.313938][T14878] inactive_file 0 [ 509.313938][T14878] active_file 0 [ 509.313938][T14878] unevictable 0 [ 509.313938][T14878] slab_reclaimable 405504 [ 509.313938][T14878] slab_unreclaimable 2449408 [ 509.313938][T14878] pgfault 31911 [ 509.313938][T14878] pgmajfault 0 [ 509.313938][T14878] workingset_refault 0 [ 509.313938][T14878] workingset_activate 0 [ 509.313938][T14878] workingset_nodereclaim 0 [ 509.313938][T14878] pgrefill 18328 [ 509.313938][T14878] pgscan 18362 [ 509.313938][T14878] pgsteal 34 [ 509.313938][T14878] pgactivate 18282 11:56:46 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 509.410159][T14878] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14874,uid=0 [ 509.425644][T14878] Memory cgroup out of memory: Killed process 14875 (syz-executor.5) total-vm:72980kB, anon-rss:16072kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 509.447620][ T1069] oom_reaper: reaped process 14875 (syz-executor.5), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 11:56:46 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000040), 0x4) sendmmsg$inet6(r0, &(0x7f00000050c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="4f7834fc172eb3a4e42f4e40b7841bfbe5786cb710fd10965da8bca5a250bb6cc288aeaaa9f39fc99c26f7ef40ae95ad6d35af8470291390370007adcb54b10f9bf4749c554307b9f69c540f3f873609e7968f95bbb875ad66c6d46fff82a1943093a94341de94b986b2ccab4c442a848df5792af71ea4b4fa5c8c1ed4d95a12f929b338427715441e55b161f2aa4e9b86056dfc82efaa757819d1644ab075b9203f310e4d87660d43488cdbd74887806e1886195761e893439909836edc98f823f4e44ab3c1d937ad8ff81ce5d9b1c976025b73b0657e512fb457b5bb8c605f875fff141ad5ccc0ea4033cfaa78913c9900"/251, 0xfb}, {&(0x7f0000000180)="cc0663eed11f3574190e71474542370856f713de3bdcc565f6dba6c62dcec397e9545f9907be1263dd8001af4c9960aac0d5ef99f33d59febddd5be46925c7e267668497edb06408b245d5f6b8231c0153711204cb683b57937c5b", 0x5b}, {&(0x7f0000000e00)="3923dae552beb84fb6a2ae6b8f2af40af74b1f003664000200002961414f76045c51d41139940b36ce221e01f17341d8fc56e63fcb6f2c5ccf5302416f83db4067b22f029a7f8ef7deb70d6e3b795a6981b0068231030be2279c3d42f763a8d18e8c8551e0eee8d3a2b61f143ec89f31c4ac49bdd00319e89521d98635fec9b3029e615371fcd7787cd600a5cf996c5f3abc72693b7891bd301ff6428d5240f3ef8d5519fc5cff6f047b0b8589496c39d11c537d8f09b032878d9206ea461d3f6d74a03e8d1c5379df430825d3fb962b1c255aa8663fb396f2ccf40e2bc7c6536722e115c3ef2198f0cad4c35309bc265f1d15f9935d5089e6e38bf0", 0xfc}, {&(0x7f0000000b40)="92492b4d1ecc91aec8ba3b679b86a9cc9fc2a326aeaff0a608c7eb9fc59942cfd939468bd78551601e60a86a395e51e5d4ad19f67661f400cebe7dcdc8f5903cdefff44527ed601d9a917ed7736a831412416e60fb564c8f29eb525463b243325106d5bf460a670cf379b631f8fb6d100f", 0x71}], 0x4}}, {{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="de0f4bd1a4d9b2c40f8fbd362dcc0ed0a2300f431de4de8ab4ec1d64138a1317c39d1b793138c7b80cc1f1a0ca72161faf368a580cef57af815ef82ac517891f4a0da7ea68d2da60d877f70f1a2515766ec48dbce7ad320d5f1a2d67c6cfb409f19f5ced2a11a1781ddd253c8973559fe91f7e2b780ebcea822b2478e8647d85fd00f2fc38b545a89b9f2361fd076d742db1160e61b3788f36acf88547b7afb96ba46ba175e5db", 0xa7}, {&(0x7f0000000f00)="1b7b71788fb91c1d85c51dc877adb6147f7b0e4fa564d670c3a3beadb459df5365582bb9c958f125fb326d52804d351b54b3b90f9b45cc9abee38ea74d2a9d26d6f6aa435049a5a317734872716d606c753518dfb8523b854debd435ac7f7bcacf22052e5857fae051bb557f1a19763f9157b5bbc3ec88af9e4abc784e5f3aba6f4e681f6d3bb400e013dcda0a56459112d28fb245b8d6ce4bc921ac201b5cca1cc92edf001e402494dce83285dcfe3aca690bf29e924c6e6a5c55530c6dcad28369e0578de429e7e1e9406a05900572f6219988e35a1af4a50775e4488e07d5a9b481989604138f07dc4355f5b21d3cddb07d50814db836d6ea", 0xfa}], 0x2}}, {{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000001080)="5a490e2f762fc50d65073251bc047448234dce7bd5654d1c0d81be7f474bb8d0b46dd5fc1326b4f9064bef61a76eff9093187cc9369fb7612e235162583ded2c5e68a364c9a173d9687e61dc6f6e5e17e8f09408c92e4ecb29f806a69762a234fab408f47d57ea7525135e7ca34911a4aacf11324bd873bb5d2d2623cc8d47ae9bbac817993c21361a4cee450a933e2f19cc45aba4c58f0e5af7659316a2eede9df5197a590cbfbba307e60c95711a14e87db94448a60b09f49fe2ba3476127644e06b916b0e00e557496faf50a3d42c13a6c8421aac4ffe5ac5e648c6523c312cf020710b03f8f8d10e14d052e0fb0101a8", 0xf2}, {&(0x7f00000011c0)="a2bb1eaa55e5fe7863898f786838b6", 0xf}, {&(0x7f00000012c0)="c867801e709311e1a1f1069f48728435108095371588f4970fc03958871606e252133c86b54b2c3c440fe5b76b99a9462702b2355dc9e5c9137d42ec14ca4820094a3ed82ad6cf19a9ba4a1eb43f866c4f911c0b11301b94a3f5278ee4d4aa5885fdde4efc99ca657079edb271adb5e8701003e57df06604b748c93fcbe20ce0728736ee966ac0edb1dbd82decc9c9abf13cf7015fd2f9f4cb461a70d047f06cb1df03c5c0a3acc70a6472309f86ab", 0xaf}, {&(0x7f0000001bc0)="ca2dae2052975fb15f761f104836823098de81c7cd65570e29bece31dff64c8d09382e999d15960c38910233d4e60045e1af3d150ec998afe0455a47a806b97bf28734c329f19206509a806e92aa582b8092e78b7ee51633e63c107b9c85269e61be5b4c9045e874e32b6ec5f76bc9bd8d8667807bf37028dfb0a502d116b457d44b456c14a218ce03ddf6f64bf344e7a3aa1176305fd50329fff3d283d22a628c8bca8520dd481fe9102b1a46b8be0b959154357de90f795a75abf15569d7cc48971fb0069f6283a0a1ac78f8a54a177e03751108e2ceede8", 0xd9}], 0x4}}, {{0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001f80)="bb2216dec4f38ac05b55d08cb07cb5b34df7091939e5303cced510f31533f75a8d79a1f84c80f76028a620d00818729002e75f197d3d372e52ce8a1e639c63ebb3", 0x41}, {&(0x7f0000002000)="48ba51564c1a6ada6ef8b5288745fe8b2bdf66df8a486244f9ef0c8f8d1c62c35b442d219ed59f6ac3a46fc93bffa934408001dc75015eea9ee22dc429b51b7be356365d5fdacaef97a6db35152ef31127dbd4b5fb0b455c1558be4dd33f3477c5e63f254d22b9eb48ea672abf8bd7d8210a8766fe6cc6eb1e856609086d99e85bf577a2507429e1b65b8729389269afd869351d9f0edc92e84848e09e73369e116d3c460a2f0d4261f5b0c0f1da947d99e8095b76a7e31e4c9a359dd421", 0xbe}, {&(0x7f0000001380)="1c6d0fd25b18efb95d53cdc18de883e49c81ee61", 0x14}, {&(0x7f00000020c0)="2a4b08b9643c84c2663ab1594e31ace5882b018a1cd6fcb811c4391612afa9fe3ad26bd3c5061918e9ffcc5287a6b8305f66931fe5a94ad6558831c8e0894d6e2323d173d53a60c88f7133e37c7070e288229684029b99bf212856d3179f52e9a26da73f978b1b15cdc610e03ccb2ea62746bf6d78b9d656911ed2e87c221052b33ec9e5f80a44f6703f559c9c6759cede4e1b8b1c8aac035db39e6ee26224c8b11f1fada5252c30e44227bf637666ed5340ffb1554c911faf4350ad5ccbc7428af07ba08ae80cd1ea7f9f2c6d21a7998bcf", 0xd2}, {&(0x7f00000021c0)="f09d4ea4ac76fa237b1d146e7714b8cd4294d7776e1149ce80499fe87abe8ff0ccb77be14766db1f3919cb943fc406e2a7000cc84e1f9c575fc09ae4db01086022ec7a5cbec9842317db69c1d98e3ebe796ab75acde54c88beef101b676c1bf745503c1ea826bec8cb842d9f51a74f42fb870ecae0498c1db115fdead8d61e6ade5399adbfad01b98d638516807d24fea693e64018897f7a37705a0114fdaa27f6a5985205f562aec6ea91428a327343b4771e11e2741e03e7fd7e4b6966512af7966fd5d71edfe5ffab52beeadea9a77e4d07488bd43d4481cce86d21e95aac4e5a6db0e61e9cc0", 0xe8}], 0x5}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000003940)="59daa142ee79c4d6451677d5ad61512c3ffe1f21e00a5e5f013a3315bac4964b124ab4593ac41860addb439e3b5e40604bb63061bd2a1f57faa2cd84fe39fea8d50cde0ce039d0725c92eadc95af84f8d992542e83ed989e91b01de5ec9735774b4c182511746175e2d88bf329f42c3bfa430018e951d0d1d2a0dac356702338018cf5f11281d21160406b57974b08185fc0f3deee447cb387f760a8a9fa11361ec1ed4c961feff8c69e1bfc7299ea7502b60bb0371112adea15b995ee7a24f5d7f4590f0a4d10320fad080e7b64be9c025d2f2b638bec8c4457d32bad90021834c486c7986edc489d719d7cc0c213a7449df95aa196d60528c28e09d9793b1dc4dc94362c490e0bf94ab1938e55e424d5be6a1ff57355d03fcd98a5f3df0fbbae4df4f48012fae6dad59a769bb513919310b4c8afbccb341ebc48f03eb705ac3c07639aac6e636f76549bc908652ca45432c5b25a49966b35266a7d4d73ef228fa29dcf6757c75f53437fc99c32b1f03a70e3abc3870d7708dfd997308916afddc3c9b61c27b72cc48eca4c40d19a429c5fb27947a87cddd9f9f990ffc53d5b8630e023f34a771647a69ebb4362a0c99621958128fe557eec104d0944ad36af09c804af4665c758494bdad3c5e777296ba15f8e844a5614c29e6679922ae9a6f00dcd5c7f8846c26cd89332913b51d1e67452bf9c6fc89c1defde3b6ae64ba4ac2c0fee38f1e2cc9710e624c14b2e5e395043444b12d1657cd3535d157605e17b3076bc80b5d347fa71560e436fd5f873f48cbee291de234a6555ac103a39f94f8505d582c22e8f742d375d0f60755c3d921e77cc23f385162db065c08e7b857ff674b42b1e20dc81adfc18de9fa02e21aec37ddac5b6c8998659398e337dc33aeec91d6fdce7ba524c7e14f571ea61660d2487e13b7eb1cf9113c9853e7a6f4f7a6c93b2181bd870c4d58e3f83bd17eedb5e63108be909c7648c8b5279d9eb15af46a7f58a743856780377fd70e931f309e0ee0017369af9230e3144e81f79b660937210575bb6542ef6fec59a434866e3ecbca0fb3bceb9cc813c2ca3727093d4c0e9df8c678e3b39ec50d4545b4e5bb7dd46ff4b9fcce250a5d59fe541055292604e915b44e11384e1cfc2d312073eaa5bd9486c41179ecd9d049f45870abcfabb252dbfda7b95e7e1166f23e17e9748e0a66b58c75751023610d74a7d3939d2c84ac1db2fecd0c7c03ebaa4b25044e915692781ee5fa91a53eff7ee5a4f7c15a34490d4ac919e34fdf5efa1c511d4efb679d93b1006779b3cbcccfb1d2669c9a8d0f544abf4066a5b1c2fb2e3cea1142cc6dc498351ffda4223012fa64db98babc5bbd7ea3c4c462e29bd0469135cf85a0a2e03017c17300f3401131fc6f4bdc0fd15b843fb28c4704f02df2bbcd969d9da1a8c3435b04ebef6c303f6c9784606df06171182755887c59ecc6c08912855e9e7350b549e894230fe0a046416606623abc7a3e917bc246abc160faca7b121e598e87007807afe73faab7a03150c06da628f2faef032002e40f1176d7e0fb95894f55bf76b73224bfcbac88eaba63719974d255e673727f85c05a8b68a7d16145d9241acbf2424d6b5bf862e80baa5951ffbc8e9d10028965ecde6cd4309d486d66ef8f6f6f3e00d2f299a1497d9c4383b08ca8433aff84b1c41575ab9884174f4e9c9c221b7cf1baaaa3862c415c958e5fc2604fefbf320c2a15ec8fc7d09858b72a084c3a580bc5d3bc8a4012616c9e716be54c8954505a5eb7585d41844a139936a128c3b8df68e7c4e7a3645fc8cf23665a4fa85dcfe79811ae4a5d6aa166af020d8e601e3da3e77b782b8d8cf4a735b6d62cda20040a1e83bf76ef74e673ae2619c0d26ed6853dc90c60c3a24313cf49fc4357679c40e3df4e0e601c8a7d69d5de87a726e2cd2b361aa413ff898e4fc83973058c4f6a05708244688ed3764371a07af0d0dc6de9d0bfb49eacba870a1735531a1f3e6aac8c7c5d9dc94ee02601366b76e05c7dbe6d7a3c8ff2e0145b0e98dddd80a503111a8325d777f2f9003601c876ac0cf96997b912c81d2025023d69989e2f58ac05dfa7c4cda7ff0d9d45ccf1e51eaea0f1cf1dbde9fc1995937043fb8c09a705d224d9c93b79ff005f81d35ef04521100c311df4f7ce939e5e487707de857bda8724bf08f630cd9d67687647f3ca8de2e20ced46f509c66ee552c6d1f142ba1dfa88b147b12e3fe4e75d88592dcd70254c0ae30b42ef4631f7edd8a617d76f0477f986a2fe6153fbd70294f12f46c3cc704076c27ede0cfbfe71fd24002370df83fbcf3d29728e0ceef5122207388c301a4bc1f84adac99ff082032c3d378c9ddee4ab2ad6acf6490e0a9f3cf3015ee9224cbdcd1e0b7f67d310e0398b79d45b9f25455b38158c3f6a1a855010023060bfa9f53d89491177db562c753ae631cd53f50050e43962f9591d096bdaeb8ab49468b7b36f16f9feca2bd2dd047e749b8f6ea34e4b2259807522efb3399ceca99f837e47558efdbf9d07d50e5e8506e53581ecb6790f0dd23aea6a9284d030167e0d4100659bbf2d5fc7a8560725c6b808de8ca5179d627d88fdaef129fd188dda74c8c3a92dcca150ccaa11ad7e17dedc9468248f9cf2df68a916ac5ee73046d96faceaf2b730875221523d5eff3e6bee1e8ac43d1044bbfe0c006d424dc7585b0c174cba2e19c3c3b511ec521b42aab3d9c2a16d214e77b61a52d59b13ccba56db457edd19c0b582fa5df6a49f4232b8605b2dd9a878d93da1a897607e36ff81a9c9695ab1a3dc07a38d9adc5f7c45e131ee5dcc6cbf54e98bc11d5617441bae03a9aefdaeb07d108e60137b1956274110b6557cbe072ffff09749cd50fc32f8f99b23412b36b48f1df0cd33dea00db412b945cf58880df59ec04bba5b7e608cee94a4d3a934101f948308b1ed7c35f615c20ea864a95c632cc99d74b5d6b887168c66913122f5fdcce93b0ad0f2fab2a43e044da82e1c23242baa66ce8e240ffa996ff3132b5117efa0e521dab1b76b8868a32bc05497efc8795607ecd22078cb558fde037f2a1ec4ddf1bffc6bc1e10c53d86aea1301115c0e4fb9c2308eb596d51590a36346559eb06aacfa2834b3dd7e43e0210597c827fb8d4d686bb2733f32c9fbe6a4775b3ac5a8bad15dcafb40d6f2dbd8ce82c129c584d3688f8681a32a292895fcafe6eca80e54d2a51300492e705bf3e7be77bfcb6314da027873feddd450ec15da40e03a22c391ac8b684e54c348dd6aa0cf146e00cf643f5fa7b950329ed0c0635412140b31ec28d2558d4f78ee36a28d2d18f06de44c9210aeadc93125a25363784609ce0bf94166273a64c798fab1a828dd8012d7e78a927e20eb83834b57cb1408327a2f6db3c3a5eca1027ef0f5564b827235c561f13fc4bc98de3edaedb46f982e708bce94eafef5607d2d30710817bdc607fed88a3636a9dffcf6279b73cdcb6dbbbdd1a10d231dcb54a29372cbef6c4b1f51dd40f1a450c8710b10b857c92a654a8c7bd449d10df36fea30a2a2735ba807f68239a8d7028d9120f59c8247e30627a0160333505454975a770db2ba39b23322119d0bfe45b80b8a1ca96ab8d5a67ff2670cbae8cf1cb77cd9b5538be9879a910a913e2531a7bf84fca962545caf4a603bba109186072caf5e35b9ef253f6a128607c6d60f2c4d179ea3b31b9d3c7b873a73d321650335ff2cc253540f9fc71ef82c4a5fb26db5f2dfbf40c619aab3e177e53eb52776badc1b494d59d453fcd5adde30a23a9174aba31104fade8b341331a7e74596cb3132d83750d12925a32662872bf18b6c01ae50367ed500e8c0e8e1c33cea64ae2d952433cea7f965c48a3bf5a107bc7dbe77dde49abb90517cea1394bc8a1cf3f4415fb8982032706d276eac4d05369dd163696ab167515d680452441ab52aeae88b43f6bdde5622cfe9d094b8da3569f53abdbd53417a946f2d4a5640e97c89982c8fa46182a462e3e85e298ffa1b9918ae2141109e5182326bfed58c8f0c347388438f7a8c29e172a2ffc23bc3cbbf3fb29c0e1ca68723944cb7a90810047f78310f4d2b72e6f0414599a2e7d20f395422050713339e225368cb839498b485b6835d708e55342a6a2810c78cf8156a058bac7ead6f6ddf85e8fe7033cdf1b37fbb4e203e1dfb3c7f70a55246950ed7f0e3863bbf96eae7219c77c8ae565643050c6ff85f5c5513b0a86374415dd5f83168fcef57c6da7395323dffab9da8beecbf6d34302d2dc616deeb43596912eb22df2f0428205ea30c3bcc499b4275b3bb01e461826f3d594c308e987ab49527d11016b7c4893c01e0919aedb7d6958a1c88ad89accf9c89f63c6e4bfaa1b1f", 0xc1f}], 0x1}}], 0x5, 0x8000) 11:56:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:46 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000580)=0x14, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000005c0)={@remote, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4={[], [], @local}, 0x100000001, 0xfff, 0xd0, 0x0, 0x7, 0x40, r1}) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000180)=""/27, 0x1b, 0x2000, &(0x7f00000001c0)={0x11, 0x6, r1, 0x1, 0x1f, 0x6, @local}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() wait4(r2, 0x0, 0x8, &(0x7f0000000680)) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r3 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) accept4(r5, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000740)=ANY=[@ANYBLOB="00fb6d0103999de6e493b2734616e3f1b9e2d447e4232622bcc84051736e57ae3f5a8c696c845c6ba351c534dd000000003ea1f316e400456de96d66ea44ade5908a00bf2b79b11f7eeee95b951365459fa1c64f43124df763fe8f25f4e4c7f988bdbbd1709f3bcfb4b7cc3289"], 0x6d, 0x0) r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='\x16\x00', 0x40000, 0x0) ioctl$KDGKBDIACR(r6, 0x4b4a, &(0x7f0000000340)=""/55) lsetxattr$trusted_overlay_upper(&(0x7f0000000400)='./file0\x00', &(0x7f00000007c0)='trusted.overlay.upper\x00', &(0x7f0000000800)={0x0, 0xfb, 0xc6, 0x5, 0x2, "310a9180fa9143120ded0d3e8c304b4e", "8bf8f9537390d048be1145b883122a7b7c61cb347699258d14433b1077b63b81bcae1ccea78ce95e4190d414be0f2c63e4e141309fb3d9e60de5891c3676d63674003fa81aa62482c47c8a84b9ca77808be3924b25ded4b40f086345e8e1056a49dd29a1eb530a3f04891363922f4915bf817cc77a7d71a764c825fa905491b790031c6fa6fb48c6b3dd96687c6a26b026413eb240f91a5808e103dfeda873eab73adfa2ff4511126e16b33d442391c835"}, 0xc6, 0x2) accept4$unix(r6, &(0x7f00000001c0), 0x0, 0x800) ioctl$BLKRESETZONE(r6, 0x40101283, &(0x7f0000000000)={0x3, 0xf27b}) ioctl$FS_IOC_SETFSLABEL(r5, 0x41009432, &(0x7f0000000240)="0a5b413eb19ec7f61663bb12f18154e8213b081e0880629d04874d70bb7505483bc8c5ee9b1d67f0baba3efa6f4442b0324627ffca21cc512a176e9e65b800c11c35b00d49188bade2e3fa5eaa023222e5cdbbadc2de3355af55772f7d7ce1c74594c5f82449ef7f259e3400880556b9e414091220f123840fecd0ceb200f4bef7e6543126aa060107a81fc77b202e9d4a29916a072313296707d990276346045bbb73e92673eefa0a3e6157427d4993b6f7708a3101cead9ca30ad766c89a11ed323ef782e7a1ea078f2b22ff7950e524ef0d5be02090177aaf2360c26de978b77645829e512890742db7a0dcdee7c427a955064402476b3675419de483f961") write$cgroup_subtree(r4, &(0x7f00000004c0)=ANY=[@ANYBLOB="2b7069647320412c5ec7b5d90762f8ba9fe8ee7e083311af7cb115b708409b4e9206cb06735d6d1ff4f4b97587976a4a706aee300fb8e7572bcd829a59c00400002125000000c8818253da71fa1b6b4ed383c004ca276a756a0e6e7c9bda4107b37664c98904cb9639bf4b91d78f4ce4035762ba803bb0aa07717d543e909d253ce3ef52d352ed9e0518d43a170ea8f70daf282682ea5e5a295e9d66f169f0dcd24a3d11c633af74dd3ac2ac46fd62ad075e989e5ab6f14a1d6e8f0d35ea51e18be5672af0b7f39f748ebddb0694fc063c33ad9848bde504b51b6ffbe08bc739b903263f25417d20aae0f4261ac0c2a9308f6f79c9a3d41a849aa6505fdfe3ff62519eec162f6e5124975a08f7fee2776176b8b6fdc2fe437bf7d1100bac7cd1e2e539a168ddb0cff0be478ec28588168512fead72b7fecc4608a3044c0a85b87b036ed97a"], 0x145) write$cgroup_subtree(r4, &(0x7f00000000c0)={[{0x2d, 'pids'}]}, 0x6) 11:56:46 executing program 3: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="00004de800000000"], 0x48}}, 0x0) [ 509.659340][T14906] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 509.695290][T14906] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. [ 509.958240][T14910] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 509.968502][T14910] CPU: 0 PID: 14910 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 509.976461][T14910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.986548][T14910] Call Trace: [ 509.989930][T14910] dump_stack+0x11d/0x181 [ 509.994257][T14910] dump_header+0xaa/0x449 [ 509.999154][T14910] oom_kill_process.cold+0x10/0x15 [ 510.004284][T14910] out_of_memory+0x231/0xa00 [ 510.008876][T14910] mem_cgroup_out_of_memory+0x128/0x150 [ 510.014425][T14910] try_charge+0xb5c/0xbe0 [ 510.018759][T14910] mem_cgroup_try_charge+0xd2/0x260 [ 510.023965][T14910] mem_cgroup_try_charge_delay+0x3a/0x80 [ 510.029596][T14910] wp_page_copy+0x322/0x1120 [ 510.034194][T14910] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 510.039916][T14910] do_wp_page+0x192/0x11f0 [ 510.044371][T14910] ? __udelay+0x10/0x20 [ 510.048531][T14910] __handle_mm_fault+0x1ab1/0x2c70 [ 510.053689][T14910] handle_mm_fault+0x21b/0x530 [ 510.058504][T14910] __do_page_fault+0x456/0x8d0 [ 510.063387][T14910] ? cgroup_rstat_updated+0xbe/0x1e0 [ 510.068689][T14910] do_page_fault+0x38/0x194 [ 510.073239][T14910] page_fault+0x34/0x40 [ 510.077408][T14910] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 510.084011][T14910] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 510.103828][T14910] RSP: 0018:ffffc90003a9bbc0 EFLAGS: 00010206 [ 510.109885][T14910] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 510.117923][T14910] RDX: 0000000000001000 RSI: ffff88811c9ceb00 RDI: 0000000020f9d000 [ 510.125902][T14910] RBP: ffffc90003a9bbf8 R08: ffff88809b38a100 R09: 000088809b38ac18 [ 510.133863][T14910] R10: 0000000000000000 R11: 000088809b38ac1f R12: 0000000020f9c500 [ 510.142526][T14910] R13: 0000000020f9d500 R14: 0000000000000000 R15: 00007ffffffff000 [ 510.150566][T14910] ? copyout+0xa5/0xb0 [ 510.154630][T14910] copy_page_to_iter+0x254/0x8b0 [ 510.159842][T14910] pipe_to_user+0x71/0xc0 [ 510.164289][T14910] __splice_from_pipe+0x248/0x480 [ 510.169370][T14910] ? iter_to_pipe+0x3f0/0x3f0 [ 510.174050][T14910] do_vmsplice.part.0+0x1c5/0x210 [ 510.179157][T14910] __do_sys_vmsplice+0x15f/0x1c0 [ 510.184099][T14910] ? __read_once_size+0x5a/0xe0 [ 510.189008][T14910] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 510.194731][T14910] ? _copy_to_user+0x84/0xb0 [ 510.199319][T14910] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 510.205592][T14910] ? put_timespec64+0x94/0xc0 [ 510.211388][T14910] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 510.217751][T14910] __x64_sys_vmsplice+0x5e/0x80 [ 510.222600][T14910] do_syscall_64+0xcc/0x370 [ 510.227098][T14910] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 510.232980][T14910] RIP: 0033:0x45a639 [ 510.236881][T14910] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 510.256478][T14910] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 510.264881][T14910] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 510.272858][T14910] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 510.280867][T14910] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 510.288834][T14910] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 510.296797][T14910] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 510.305195][T14910] memory: usage 307200kB, limit 307200kB, failcnt 26154 [ 510.312383][T14910] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 510.319263][T14910] Memory cgroup stats for /syz5: [ 510.319648][T14910] anon 300294144 [ 510.319648][T14910] file 98304 [ 510.319648][T14910] kernel_stack 1179648 [ 510.319648][T14910] slab 2854912 [ 510.319648][T14910] sock 0 [ 510.319648][T14910] shmem 0 [ 510.319648][T14910] file_mapped 0 [ 510.319648][T14910] file_dirty 0 [ 510.319648][T14910] file_writeback 0 [ 510.319648][T14910] anon_thp 283115520 [ 510.319648][T14910] inactive_anon 0 [ 510.319648][T14910] active_anon 300294144 [ 510.319648][T14910] inactive_file 0 [ 510.319648][T14910] active_file 0 [ 510.319648][T14910] unevictable 0 [ 510.319648][T14910] slab_reclaimable 405504 [ 510.319648][T14910] slab_unreclaimable 2449408 [ 510.319648][T14910] pgfault 32406 [ 510.319648][T14910] pgmajfault 0 [ 510.319648][T14910] workingset_refault 0 [ 510.319648][T14910] workingset_activate 0 [ 510.319648][T14910] workingset_nodereclaim 0 [ 510.319648][T14910] pgrefill 18361 [ 510.319648][T14910] pgscan 18396 [ 510.319648][T14910] pgsteal 34 [ 510.319648][T14910] pgactivate 18315 [ 510.415805][T14910] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14905,uid=0 [ 510.431365][T14910] Memory cgroup out of memory: Killed process 14905 (syz-executor.5) total-vm:72980kB, anon-rss:16004kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 11:56:47 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 510.456995][ T1069] oom_reaper: reaped process 14905 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 11:56:47 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:56:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xb00) [ 510.554364][T14926] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 510.592596][T14926] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:56:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:47 executing program 4: r0 = socket(0x10, 0x803, 0x0) process_vm_writev(0x0, 0x0, 0x5, &(0x7f0000000780)=[{&(0x7f00000028c0)=""/224, 0xe0}], 0x1, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000d00)=""/226, 0xe2}], 0x1, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) 11:56:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xc00) 11:56:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000012c0)='syz_tun\x00', 0x10) setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0x2, 0x4) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x62) recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0xfffffffffffffea7, 0x0, 0x0, 0x0, 0xfffffffffffffec8}}], 0x4000000000002c5, 0x2, 0x0) 11:56:47 executing program 4: r0 = socket(0x10, 0x803, 0x0) process_vm_writev(0x0, 0x0, 0x5, &(0x7f0000000780)=[{&(0x7f00000028c0)=""/224, 0xe0}], 0x1, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000d00)=""/226, 0xe2}], 0x1, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/251, 0xfb}], 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001fc0)={0x280, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_BEARER={0x110, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'caif0\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @rand_addr="a6e53038e701b5ba95e0921902d32fc5"}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_MEDIA={0x38, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_MEDIA={0x98, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_NAME={0x8, 0x1, @l2={'ib', 0x3a, '\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}]}, 0x280}}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) [ 511.159312][T14966] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 511.169574][T14966] CPU: 0 PID: 14966 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 511.177485][T14966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.187551][T14966] Call Trace: [ 511.190869][T14966] dump_stack+0x11d/0x181 [ 511.195192][T14966] dump_header+0xaa/0x449 [ 511.199552][T14966] oom_kill_process.cold+0x10/0x15 [ 511.204671][T14966] out_of_memory+0x231/0xa00 [ 511.209267][T14966] mem_cgroup_out_of_memory+0x128/0x150 [ 511.214900][T14966] try_charge+0xb5c/0xbe0 [ 511.219287][T14966] mem_cgroup_try_charge+0xd2/0x260 [ 511.224495][T14966] mem_cgroup_try_charge_delay+0x3a/0x80 [ 511.230185][T14966] wp_page_copy+0x322/0x1120 [ 511.234775][T14966] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 511.240501][T14966] do_wp_page+0x192/0x11f0 [ 511.244975][T14966] __handle_mm_fault+0x1ab1/0x2c70 [ 511.250093][T14966] handle_mm_fault+0x21b/0x530 [ 511.254854][T14966] __do_page_fault+0x456/0x8d0 [ 511.259615][T14966] ? cgroup_rstat_updated+0xbe/0x1e0 [ 511.264943][T14966] do_page_fault+0x38/0x194 [ 511.269454][T14966] page_fault+0x34/0x40 [ 511.273601][T14966] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 511.280246][T14966] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 511.299844][T14966] RSP: 0018:ffffc90000f43bc0 EFLAGS: 00010206 [ 511.305922][T14966] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 511.313956][T14966] RDX: 0000000000001000 RSI: ffff8880a2e67b00 RDI: 000000002094f000 [ 511.321922][T14966] RBP: ffffc90000f43bf8 R08: ffff88811fb8b000 R09: 000088811fb8bb18 [ 511.329894][T14966] R10: 0000000000000000 R11: 000088811fb8bb1f R12: 000000002094e500 [ 511.337866][T14966] R13: 000000002094f500 R14: 0000000000000000 R15: 00007ffffffff000 [ 511.346846][T14966] ? copyout+0xa5/0xb0 [ 511.350914][T14966] copy_page_to_iter+0x254/0x8b0 [ 511.355859][T14966] pipe_to_user+0x71/0xc0 [ 511.360187][T14966] __splice_from_pipe+0x248/0x480 [ 511.365215][T14966] ? iter_to_pipe+0x3f0/0x3f0 [ 511.369990][T14966] do_vmsplice.part.0+0x1c5/0x210 [ 511.375235][T14966] __do_sys_vmsplice+0x15f/0x1c0 [ 511.380214][T14966] ? __read_once_size+0x5a/0xe0 [ 511.385056][T14966] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 511.390766][T14966] ? _copy_to_user+0x84/0xb0 [ 511.395422][T14966] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 511.401655][T14966] ? put_timespec64+0x94/0xc0 [ 511.406418][T14966] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 511.412719][T14966] __x64_sys_vmsplice+0x5e/0x80 [ 511.417641][T14966] do_syscall_64+0xcc/0x370 [ 511.422215][T14966] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.428095][T14966] RIP: 0033:0x45a639 [ 511.432006][T14966] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 511.451620][T14966] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 511.460039][T14966] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 511.468007][T14966] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 511.476147][T14966] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 511.484108][T14966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 511.492081][T14966] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 511.500345][T14966] memory: usage 307184kB, limit 307200kB, failcnt 26198 [ 511.507300][T14966] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 511.514300][T14966] Memory cgroup stats for /syz5: [ 511.514524][T14966] anon 300216320 [ 511.514524][T14966] file 98304 [ 511.514524][T14966] kernel_stack 1216512 [ 511.514524][T14966] slab 2854912 [ 511.514524][T14966] sock 0 [ 511.514524][T14966] shmem 0 [ 511.514524][T14966] file_mapped 0 [ 511.514524][T14966] file_dirty 0 [ 511.514524][T14966] file_writeback 0 [ 511.514524][T14966] anon_thp 283115520 [ 511.514524][T14966] inactive_anon 0 [ 511.514524][T14966] active_anon 300216320 [ 511.514524][T14966] inactive_file 0 [ 511.514524][T14966] active_file 0 [ 511.514524][T14966] unevictable 0 [ 511.514524][T14966] slab_reclaimable 405504 [ 511.514524][T14966] slab_unreclaimable 2449408 [ 511.514524][T14966] pgfault 32934 [ 511.514524][T14966] pgmajfault 0 [ 511.514524][T14966] workingset_refault 0 [ 511.514524][T14966] workingset_activate 0 [ 511.514524][T14966] workingset_nodereclaim 0 [ 511.514524][T14966] pgrefill 18361 [ 511.514524][T14966] pgscan 18396 [ 511.514524][T14966] pgsteal 34 [ 511.514524][T14966] pgactivate 18315 [ 511.611107][T14966] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14960,uid=0 [ 511.626614][T14966] Memory cgroup out of memory: Killed process 14960 (syz-executor.5) total-vm:72980kB, anon-rss:9608kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 511.648389][ T1069] oom_reaper: reaped process 14960 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:56:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 511.843242][T14979] raw_sendmsg: syz-executor.3 forgot to set AF_INET. Fix it! 11:56:48 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:48 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:56:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xd00) 11:56:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video35\x00', 0x2, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaa00b000007aaea4c3a"], 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000100)={0x0, 0xffffffff, 0x2, {0x2, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}}}) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc058565d, &(0x7f0000000300)={0x0, 0x2, 0x0, {0x0, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20000000}}}) dup2(r2, r1) [ 512.097441][T14989] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 512.107744][T14989] CPU: 0 PID: 14989 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 512.115634][T14989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.125736][T14989] Call Trace: [ 512.129029][T14989] dump_stack+0x11d/0x181 [ 512.133489][T14989] dump_header+0xaa/0x449 [ 512.137816][T14989] oom_kill_process.cold+0x10/0x15 [ 512.143007][T14989] out_of_memory+0x231/0xa00 [ 512.147620][T14989] mem_cgroup_out_of_memory+0x128/0x150 [ 512.153323][T14989] try_charge+0xb5c/0xbe0 [ 512.157695][T14989] mem_cgroup_try_charge+0xd2/0x260 [ 512.162992][T14989] mem_cgroup_try_charge_delay+0x3a/0x80 [ 512.168618][T14989] wp_page_copy+0x322/0x1120 [ 512.173207][T14989] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 512.178923][T14989] do_wp_page+0x192/0x11f0 [ 512.183483][T14989] __handle_mm_fault+0x1ab1/0x2c70 [ 512.188609][T14989] handle_mm_fault+0x21b/0x530 [ 512.193369][T14989] __do_page_fault+0x456/0x8d0 [ 512.198140][T14989] ? cgroup_rstat_updated+0xbe/0x1e0 [ 512.203660][T14989] do_page_fault+0x38/0x194 [ 512.208240][T14989] page_fault+0x34/0x40 [ 512.212403][T14989] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 512.219050][T14989] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 512.238793][T14989] RSP: 0018:ffffc90000e6fbc0 EFLAGS: 00010206 [ 512.244859][T14989] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 512.252852][T14989] RDX: 0000000000001000 RSI: ffff88811c9ceb00 RDI: 0000000020951000 [ 512.260909][T14989] RBP: ffffc90000e6fbf8 R08: ffff888122481040 R09: 0000888122481b58 [ 512.268879][T14989] R10: 0000000000000000 R11: 0000888122481b5f R12: 0000000020950500 [ 512.276852][T14989] R13: 0000000020951500 R14: 0000000000000000 R15: 00007ffffffff000 [ 512.284834][T14989] ? copyout+0xa5/0xb0 [ 512.288899][T14989] copy_page_to_iter+0x254/0x8b0 [ 512.293835][T14989] pipe_to_user+0x71/0xc0 [ 512.298160][T14989] __splice_from_pipe+0x248/0x480 [ 512.303176][T14989] ? iter_to_pipe+0x3f0/0x3f0 [ 512.308581][T14989] do_vmsplice.part.0+0x1c5/0x210 [ 512.313602][T14989] __do_sys_vmsplice+0x15f/0x1c0 [ 512.318733][T14989] ? __read_once_size+0x5a/0xe0 [ 512.323579][T14989] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 512.329294][T14989] ? _copy_to_user+0x84/0xb0 [ 512.333879][T14989] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 512.340114][T14989] ? put_timespec64+0x94/0xc0 [ 512.344801][T14989] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 512.351058][T14989] __x64_sys_vmsplice+0x5e/0x80 [ 512.355958][T14989] do_syscall_64+0xcc/0x370 [ 512.360470][T14989] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.366350][T14989] RIP: 0033:0x45a639 [ 512.370244][T14989] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 512.389853][T14989] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 512.398268][T14989] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 512.406228][T14989] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 512.414190][T14989] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 512.422223][T14989] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 512.430228][T14989] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 512.438459][T14989] memory: usage 307200kB, limit 307200kB, failcnt 26245 [ 512.445412][T14989] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 512.452645][T14989] Memory cgroup stats for /syz5: [ 512.452970][T14989] anon 300163072 [ 512.452970][T14989] file 98304 [ 512.452970][T14989] kernel_stack 1179648 [ 512.452970][T14989] slab 2854912 [ 512.452970][T14989] sock 0 [ 512.452970][T14989] shmem 0 [ 512.452970][T14989] file_mapped 0 [ 512.452970][T14989] file_dirty 0 [ 512.452970][T14989] file_writeback 0 [ 512.452970][T14989] anon_thp 283115520 [ 512.452970][T14989] inactive_anon 0 [ 512.452970][T14989] active_anon 300163072 [ 512.452970][T14989] inactive_file 0 [ 512.452970][T14989] active_file 0 [ 512.452970][T14989] unevictable 0 [ 512.452970][T14989] slab_reclaimable 405504 [ 512.452970][T14989] slab_unreclaimable 2449408 [ 512.452970][T14989] pgfault 33363 [ 512.452970][T14989] pgmajfault 0 [ 512.452970][T14989] workingset_refault 0 [ 512.452970][T14989] workingset_activate 0 [ 512.452970][T14989] workingset_nodereclaim 0 [ 512.452970][T14989] pgrefill 18361 [ 512.452970][T14989] pgscan 18429 [ 512.452970][T14989] pgsteal 34 11:56:49 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0xa102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000002c0)={@ipv4, 0x0, 0x0, 0x0, 0x5}, 0x20) sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) sendmsg$sock(r2, &(0x7f00000033c0)={&(0x7f0000003040)=@ipx={0x4, 0x0, 0x7, "11f1014050fe", 0xba}, 0x80, &(0x7f0000003300)=[{&(0x7f00000030c0)}, {&(0x7f00000031c0)}, {&(0x7f0000003200)="042b781976e0be5909bd", 0xa}, {0x0}], 0x4, &(0x7f0000003380)}, 0x40000) [ 512.452970][T14989] pgactivate 18315 [ 512.550667][T14989] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14983,uid=0 [ 512.566740][T14989] Memory cgroup out of memory: Killed process 14983 (syz-executor.5) total-vm:72980kB, anon-rss:9676kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 512.587996][ T1069] oom_reaper: reaped process 14983 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:56:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 512.691969][T15007] use of bytesused == 0 is deprecated and will be removed in the future, [ 512.751454][T15007] use the actual size instead. 11:56:49 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:49 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) add_key$keyring(&(0x7f0000000140)='keyring\x00', 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000000c0)) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000240)=""/134, &(0x7f0000000300)=0x86) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000001c0)={0x0, {0x0, 0x0, 0xa24}}) socket$packet(0x11, 0x3, 0x300) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000200)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) sched_getscheduler(0x0) [ 512.952775][T15024] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 512.963100][T15024] CPU: 0 PID: 15024 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 512.970995][T15024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.981052][T15024] Call Trace: [ 512.984349][T15024] dump_stack+0x11d/0x181 [ 512.988755][T15024] dump_header+0xaa/0x449 [ 512.993141][T15024] oom_kill_process.cold+0x10/0x15 [ 512.998251][T15024] out_of_memory+0x231/0xa00 [ 513.002849][T15024] mem_cgroup_out_of_memory+0x128/0x150 [ 513.008393][T15024] try_charge+0xb5c/0xbe0 [ 513.012780][T15024] mem_cgroup_try_charge+0xd2/0x260 [ 513.017979][T15024] mem_cgroup_try_charge_delay+0x3a/0x80 [ 513.023609][T15024] wp_page_copy+0x322/0x1120 [ 513.028318][T15024] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 513.034048][T15024] do_wp_page+0x192/0x11f0 [ 513.038458][T15024] ? __udelay+0x10/0x20 [ 513.042607][T15024] ? __paravirt_pgd_alloc+0x10/0x10 [ 513.047899][T15024] __handle_mm_fault+0x1ab1/0x2c70 [ 513.053019][T15024] handle_mm_fault+0x21b/0x530 [ 513.057781][T15024] __do_page_fault+0x456/0x8d0 [ 513.062569][T15024] ? cgroup_rstat_updated+0xbe/0x1e0 [ 513.067922][T15024] do_page_fault+0x38/0x194 [ 513.072420][T15024] page_fault+0x34/0x40 [ 513.076567][T15024] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 513.083250][T15024] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 513.102914][T15024] RSP: 0000:ffffc90000f3bbc0 EFLAGS: 00010206 [ 513.109232][T15024] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 513.117193][T15024] RDX: 0000000000001000 RSI: ffff888099e92b00 RDI: 0000000020951000 [ 513.125153][T15024] RBP: ffffc90000f3bbf8 R08: ffff88809e23a100 R09: 000088809e23ac18 [ 513.133143][T15024] R10: 0000000000000000 R11: 000088809e23ac1f R12: 0000000020950500 [ 513.141105][T15024] R13: 0000000020951500 R14: 0000000000000000 R15: 00007ffffffff000 [ 513.149127][T15024] ? copyout+0xa5/0xb0 [ 513.153191][T15024] copy_page_to_iter+0x254/0x8b0 [ 513.158125][T15024] pipe_to_user+0x71/0xc0 [ 513.162459][T15024] __splice_from_pipe+0x248/0x480 [ 513.167619][T15024] ? iter_to_pipe+0x3f0/0x3f0 [ 513.172392][T15024] do_vmsplice.part.0+0x1c5/0x210 [ 513.177415][T15024] __do_sys_vmsplice+0x15f/0x1c0 [ 513.182444][T15024] ? __read_once_size+0x5a/0xe0 [ 513.187288][T15024] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 513.193048][T15024] ? _copy_to_user+0x84/0xb0 [ 513.197635][T15024] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 513.203900][T15024] ? put_timespec64+0x94/0xc0 [ 513.208614][T15024] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 513.215864][T15024] __x64_sys_vmsplice+0x5e/0x80 [ 513.220710][T15024] do_syscall_64+0xcc/0x370 [ 513.225299][T15024] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 513.231182][T15024] RIP: 0033:0x45a639 [ 513.235073][T15024] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 513.254678][T15024] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 513.263082][T15024] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 513.271611][T15024] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 513.280229][T15024] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 513.288193][T15024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 513.296209][T15024] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 513.304390][T15024] memory: usage 307200kB, limit 307200kB, failcnt 26298 [ 513.311441][T15024] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 513.318804][T15024] Memory cgroup stats for /syz5: [ 513.319066][T15024] anon 300163072 [ 513.319066][T15024] file 98304 [ 513.319066][T15024] kernel_stack 1216512 [ 513.319066][T15024] slab 2854912 [ 513.319066][T15024] sock 0 [ 513.319066][T15024] shmem 0 [ 513.319066][T15024] file_mapped 0 [ 513.319066][T15024] file_dirty 0 [ 513.319066][T15024] file_writeback 0 [ 513.319066][T15024] anon_thp 283115520 [ 513.319066][T15024] inactive_anon 0 [ 513.319066][T15024] active_anon 300163072 [ 513.319066][T15024] inactive_file 0 [ 513.319066][T15024] active_file 0 [ 513.319066][T15024] unevictable 0 [ 513.319066][T15024] slab_reclaimable 405504 [ 513.319066][T15024] slab_unreclaimable 2449408 [ 513.319066][T15024] pgfault 33759 [ 513.319066][T15024] pgmajfault 0 [ 513.319066][T15024] workingset_refault 0 [ 513.319066][T15024] workingset_activate 0 [ 513.319066][T15024] workingset_nodereclaim 0 11:56:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video35\x00', 0x2, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaa00b000007aaea4c3a"], 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000100)={0x0, 0xffffffff, 0x2, {0x2, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}}}) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc058565d, &(0x7f0000000300)={0x0, 0x2, 0x0, {0x0, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20000000}}}) dup2(r2, r1) 11:56:50 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 513.319066][T15024] pgrefill 18394 [ 513.319066][T15024] pgscan 18429 [ 513.319066][T15024] pgsteal 34 [ 513.319066][T15024] pgactivate 18348 [ 513.415220][T15024] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15015,uid=0 [ 513.430851][T15024] Memory cgroup out of memory: Killed process 15015 (syz-executor.5) total-vm:72980kB, anon-rss:9608kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 11:56:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe00) 11:56:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 513.568129][ C1] net_ratelimit: 20 callbacks suppressed [ 513.568138][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 513.579794][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 513.585586][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 513.591365][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 513.597153][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 513.602984][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:56:50 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) add_key$keyring(&(0x7f0000000140)='keyring\x00', 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000000c0)) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000240)=""/134, &(0x7f0000000300)=0x86) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000001c0)={0x0, {0x0, 0x0, 0xa24}}) socket$packet(0x11, 0x3, 0x300) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000200)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) sched_getscheduler(0x0) [ 513.728135][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 513.733944][ C0] protocol 88fb is buggy, dev hsr_slave_1 11:56:50 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r0, &(0x7f0000000100), 0x18d, 0x6c00) 11:56:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:50 executing program 4: r0 = socket(0x10, 0x803, 0x0) process_vm_writev(0x0, 0x0, 0x5, &(0x7f0000000780)=[{&(0x7f00000028c0)=""/224, 0xe0}], 0x1, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000d00)=""/226, 0xe2}], 0x1, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/251, 0xfb}], 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001fc0)={0x290, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_BEARER={0x110, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'caif0\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @rand_addr="a6e53038e701b5ba95e0921902d32fc5"}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_MEDIA={0x38, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_MEDIA={0x98, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_NAME={0x8, 0x1, @l2={'ib', 0x3a, '\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_BEARER={0x10, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x290}}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) 11:56:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf00) [ 514.339279][T15076] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 514.349538][T15076] CPU: 0 PID: 15076 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 514.357529][T15076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 514.367763][T15076] Call Trace: [ 514.371153][T15076] dump_stack+0x11d/0x181 [ 514.375480][T15076] dump_header+0xaa/0x449 [ 514.379805][T15076] oom_kill_process.cold+0x10/0x15 [ 514.384913][T15076] out_of_memory+0x231/0xa00 [ 514.389505][T15076] mem_cgroup_out_of_memory+0x128/0x150 [ 514.395067][T15076] try_charge+0xb5c/0xbe0 [ 514.399420][T15076] mem_cgroup_try_charge+0xd2/0x260 [ 514.404707][T15076] mem_cgroup_try_charge_delay+0x3a/0x80 [ 514.410426][T15076] wp_page_copy+0x322/0x1120 [ 514.415067][T15076] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 514.420784][T15076] do_wp_page+0x192/0x11f0 [ 514.425192][T15076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 514.431429][T15076] ? debug_smp_processor_id+0x4c/0x172 [ 514.436936][T15076] __handle_mm_fault+0x1ab1/0x2c70 [ 514.442129][T15076] handle_mm_fault+0x21b/0x530 [ 514.446967][T15076] __do_page_fault+0x456/0x8d0 [ 514.451735][T15076] ? cgroup_rstat_updated+0xbe/0x1e0 [ 514.457069][T15076] do_page_fault+0x38/0x194 [ 514.461733][T15076] page_fault+0x34/0x40 [ 514.465882][T15076] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 514.472508][T15076] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 514.492112][T15076] RSP: 0018:ffffc900011afbc0 EFLAGS: 00010206 [ 514.498234][T15076] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 514.506208][T15076] RDX: 0000000000001000 RSI: ffff88809dcd6b00 RDI: 000000002094a000 [ 514.514216][T15076] RBP: ffffc900011afbf8 R08: ffff88809e23a100 R09: 000088809e23ac18 [ 514.522255][T15076] R10: 0000000000000000 R11: 000088809e23ac1f R12: 0000000020949500 [ 514.530217][T15076] R13: 000000002094a500 R14: 0000000000000000 R15: 00007ffffffff000 [ 514.538273][T15076] ? copyout+0xa5/0xb0 [ 514.542339][T15076] copy_page_to_iter+0x254/0x8b0 [ 514.547275][T15076] pipe_to_user+0x71/0xc0 [ 514.551596][T15076] __splice_from_pipe+0x248/0x480 [ 514.556675][T15076] ? iter_to_pipe+0x3f0/0x3f0 [ 514.561360][T15076] do_vmsplice.part.0+0x1c5/0x210 [ 514.566410][T15076] __do_sys_vmsplice+0x15f/0x1c0 [ 514.571413][T15076] ? __read_once_size+0x5a/0xe0 [ 514.576387][T15076] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 514.582178][T15076] ? _copy_to_user+0x84/0xb0 [ 514.586775][T15076] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 514.593025][T15076] ? put_timespec64+0x94/0xc0 [ 514.597698][T15076] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 514.603999][T15076] __x64_sys_vmsplice+0x5e/0x80 [ 514.608847][T15076] do_syscall_64+0xcc/0x370 [ 514.613417][T15076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.619298][T15076] RIP: 0033:0x45a639 [ 514.623198][T15076] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 514.642793][T15076] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 514.651223][T15076] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 514.659338][T15076] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 514.667391][T15076] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 514.675351][T15076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 11:56:51 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 514.683312][T15076] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 514.691509][T15076] memory: usage 307200kB, limit 307200kB, failcnt 26339 [ 514.698165][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 514.698557][T15076] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 514.704311][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 514.711118][T15076] Memory cgroup stats for /syz5: [ 514.711389][T15076] anon 300163072 [ 514.711389][T15076] file 98304 [ 514.711389][T15076] kernel_stack 1179648 [ 514.711389][T15076] slab 2854912 [ 514.711389][T15076] sock 0 [ 514.711389][T15076] shmem 0 11:56:51 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x44442, 0x0) 11:56:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) open(0x0, 0x0, 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000240)=""/134, &(0x7f0000000300)=0x86) ioctl$UI_ABS_SETUP(r0, 0x401c5504, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_ALM_READ(r3, 0x80247008, &(0x7f0000000200)) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) pivot_root(&(0x7f0000000340)='./file0\x00', 0x0) getsockname$packet(r2, 0x0, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)}, 0x0) socket$nl_route(0x10, 0x3, 0x0) [ 514.711389][T15076] file_mapped 0 [ 514.711389][T15076] file_dirty 0 [ 514.711389][T15076] file_writeback 0 [ 514.711389][T15076] anon_thp 283115520 [ 514.711389][T15076] inactive_anon 0 [ 514.711389][T15076] active_anon 300163072 [ 514.711389][T15076] inactive_file 0 [ 514.711389][T15076] active_file 0 [ 514.711389][T15076] unevictable 0 [ 514.711389][T15076] slab_reclaimable 405504 [ 514.711389][T15076] slab_unreclaimable 2449408 [ 514.711389][T15076] pgfault 34254 [ 514.711389][T15076] pgmajfault 0 [ 514.711389][T15076] workingset_refault 0 [ 514.711389][T15076] workingset_activate 0 [ 514.711389][T15076] workingset_nodereclaim 0 [ 514.711389][T15076] pgrefill 18394 [ 514.711389][T15076] pgscan 18429 [ 514.711389][T15076] pgsteal 34 [ 514.711389][T15076] pgactivate 18348 [ 514.812870][T15076] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15084,uid=0 [ 514.828425][T15076] Memory cgroup out of memory: Killed process 15084 (syz-executor.5) total-vm:72980kB, anon-rss:9608kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 514.850518][ T1069] oom_reaper: reaped process 15084 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:56:51 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:51 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:56:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf78) 11:56:51 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_LOCK(r1, 0x4008642a, &(0x7f0000000100)={r2}) [ 515.233057][T15106] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 515.243376][T15106] CPU: 1 PID: 15106 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 515.251269][T15106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 515.261328][T15106] Call Trace: [ 515.264637][T15106] dump_stack+0x11d/0x181 [ 515.269014][T15106] dump_header+0xaa/0x449 [ 515.273381][T15106] oom_kill_process.cold+0x10/0x15 [ 515.278580][T15106] out_of_memory+0x231/0xa00 [ 515.283282][T15106] mem_cgroup_out_of_memory+0x128/0x150 [ 515.288834][T15106] try_charge+0xb5c/0xbe0 [ 515.293291][T15106] mem_cgroup_try_charge+0xd2/0x260 [ 515.298514][T15106] mem_cgroup_try_charge_delay+0x3a/0x80 [ 515.304166][T15106] wp_page_copy+0x322/0x1120 [ 515.308778][T15106] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 515.314526][T15106] do_wp_page+0x192/0x11f0 [ 515.319131][T15106] ? __handle_mm_fault+0x92f/0x2c70 [ 515.324348][T15106] __handle_mm_fault+0x1ab1/0x2c70 [ 515.329514][T15106] handle_mm_fault+0x21b/0x530 [ 515.334287][T15106] __do_page_fault+0x456/0x8d0 [ 515.339062][T15106] ? cgroup_rstat_updated+0xbe/0x1e0 [ 515.344415][T15106] do_page_fault+0x38/0x194 [ 515.348928][T15106] page_fault+0x34/0x40 [ 515.353083][T15106] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 515.359672][T15106] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 515.379293][T15106] RSP: 0018:ffffc9000133fbc0 EFLAGS: 00010206 [ 515.385414][T15106] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 515.393378][T15106] RDX: 0000000000001000 RSI: ffff88811c9ccb00 RDI: 000000002094d000 [ 515.401340][T15106] RBP: ffffc9000133fbf8 R08: ffff8880a7078000 R09: 00008880a7078b18 [ 515.409404][T15106] R10: 0000000000000000 R11: 00008880a7078b1f R12: 000000002094c500 [ 515.417368][T15106] R13: 000000002094d500 R14: 0000000000000000 R15: 00007ffffffff000 [ 515.425409][T15106] ? copyout+0xa5/0xb0 [ 515.429564][T15106] copy_page_to_iter+0x254/0x8b0 [ 515.434563][T15106] pipe_to_user+0x71/0xc0 [ 515.439024][T15106] __splice_from_pipe+0x248/0x480 [ 515.444041][T15106] ? iter_to_pipe+0x3f0/0x3f0 [ 515.448713][T15106] do_vmsplice.part.0+0x1c5/0x210 [ 515.453807][T15106] __do_sys_vmsplice+0x15f/0x1c0 [ 515.458805][T15106] ? __read_once_size+0x5a/0xe0 [ 515.463651][T15106] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 515.469367][T15106] ? _copy_to_user+0x84/0xb0 [ 515.473955][T15106] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 515.480186][T15106] ? put_timespec64+0x94/0xc0 [ 515.484913][T15106] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 515.491151][T15106] __x64_sys_vmsplice+0x5e/0x80 [ 515.495999][T15106] do_syscall_64+0xcc/0x370 [ 515.500504][T15106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.506416][T15106] RIP: 0033:0x45a639 [ 515.510391][T15106] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 515.529995][T15106] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 515.538674][T15106] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 515.546651][T15106] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 515.554624][T15106] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 515.562588][T15106] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 515.570677][T15106] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 515.579117][T15106] memory: usage 307200kB, limit 307200kB, failcnt 26368 [ 515.586175][T15106] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 515.593070][T15106] Memory cgroup stats for /syz5: [ 515.593320][T15106] anon 300216320 [ 515.593320][T15106] file 98304 [ 515.593320][T15106] kernel_stack 1179648 [ 515.593320][T15106] slab 2854912 [ 515.593320][T15106] sock 0 [ 515.593320][T15106] shmem 0 [ 515.593320][T15106] file_mapped 0 [ 515.593320][T15106] file_dirty 0 [ 515.593320][T15106] file_writeback 0 [ 515.593320][T15106] anon_thp 283115520 [ 515.593320][T15106] inactive_anon 0 [ 515.593320][T15106] active_anon 300216320 [ 515.593320][T15106] inactive_file 0 [ 515.593320][T15106] active_file 0 [ 515.593320][T15106] unevictable 0 [ 515.593320][T15106] slab_reclaimable 405504 [ 515.593320][T15106] slab_unreclaimable 2449408 [ 515.593320][T15106] pgfault 34683 [ 515.593320][T15106] pgmajfault 0 [ 515.593320][T15106] workingset_refault 0 [ 515.593320][T15106] workingset_activate 0 [ 515.593320][T15106] workingset_nodereclaim 0 [ 515.593320][T15106] pgrefill 18394 [ 515.593320][T15106] pgscan 18429 [ 515.593320][T15106] pgsteal 34 [ 515.593320][T15106] pgactivate 18348 [ 515.689761][T15106] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15095,uid=0 [ 515.705490][T15106] Memory cgroup out of memory: Killed process 15095 (syz-executor.5) total-vm:72980kB, anon-rss:9608kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 11:56:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:52 executing program 1: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:52 executing program 4: open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) ftruncate(r0, 0x3bb7) 11:56:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf7c) [ 516.020018][ T25] audit: type=1804 audit(1574251012.839:74): pid=15130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir097446158/syzkaller.5tdNCF/233/bus" dev="sda1" ino=16602 res=1 11:56:52 executing program 1: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:56:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:53 executing program 3: 11:56:53 executing program 1: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 516.286350][ T25] audit: type=1804 audit(1574251013.099:75): pid=15139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir097446158/syzkaller.5tdNCF/233/bus" dev="sda1" ino=16602 res=1 [ 516.420044][T15164] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 516.430295][T15164] CPU: 1 PID: 15164 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 516.438179][T15164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 516.448231][T15164] Call Trace: [ 516.451693][T15164] dump_stack+0x11d/0x181 [ 516.456036][T15164] dump_header+0xaa/0x449 [ 516.460384][T15164] oom_kill_process.cold+0x10/0x15 [ 516.465510][T15164] out_of_memory+0x231/0xa00 [ 516.470119][T15164] mem_cgroup_out_of_memory+0x128/0x150 [ 516.475677][T15164] try_charge+0xb5c/0xbe0 [ 516.480044][T15164] mem_cgroup_try_charge+0xd2/0x260 [ 516.485341][T15164] mem_cgroup_try_charge_delay+0x3a/0x80 [ 516.491007][T15164] wp_page_copy+0x322/0x1120 [ 516.495625][T15164] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 516.501538][T15164] do_wp_page+0x192/0x11f0 [ 516.505988][T15164] ? __udelay+0x10/0x20 [ 516.510159][T15164] ? __paravirt_pgd_alloc+0x10/0x10 [ 516.515384][T15164] __handle_mm_fault+0x1ab1/0x2c70 [ 516.520522][T15164] handle_mm_fault+0x21b/0x530 [ 516.525312][T15164] __do_page_fault+0x456/0x8d0 [ 516.530166][T15164] ? cgroup_rstat_updated+0xbe/0x1e0 [ 516.535466][T15164] do_page_fault+0x38/0x194 [ 516.539982][T15164] page_fault+0x34/0x40 [ 516.544145][T15164] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 516.550753][T15164] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 516.570641][T15164] RSP: 0018:ffffc9000168bbc0 EFLAGS: 00010206 [ 516.576720][T15164] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 516.584764][T15164] RDX: 0000000000001000 RSI: ffff88811c9c9b00 RDI: 000000002010d000 [ 516.592744][T15164] RBP: ffffc9000168bbf8 R08: ffff888099e1a000 R09: 0000888099e1ab18 [ 516.600747][T15164] R10: 0000000000000000 R11: 0000888099e1ab1f R12: 000000002010c500 [ 516.608729][T15164] R13: 000000002010d500 R14: 0000000000000000 R15: 00007ffffffff000 [ 516.616779][T15164] ? copyout+0xa5/0xb0 [ 516.620928][T15164] copy_page_to_iter+0x254/0x8b0 [ 516.627016][T15164] pipe_to_user+0x71/0xc0 [ 516.631363][T15164] __splice_from_pipe+0x248/0x480 [ 516.636405][T15164] ? iter_to_pipe+0x3f0/0x3f0 [ 516.641211][T15164] do_vmsplice.part.0+0x1c5/0x210 [ 516.646420][T15164] __do_sys_vmsplice+0x15f/0x1c0 [ 516.651405][T15164] ? __read_once_size+0x5a/0xe0 [ 516.656270][T15164] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 516.661995][T15164] ? _copy_to_user+0x84/0xb0 [ 516.666617][T15164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 516.672864][T15164] ? put_timespec64+0x94/0xc0 [ 516.677557][T15164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 516.684070][T15164] __x64_sys_vmsplice+0x5e/0x80 [ 516.689059][T15164] do_syscall_64+0xcc/0x370 [ 516.693569][T15164] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.699551][T15164] RIP: 0033:0x45a639 [ 516.703471][T15164] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 516.723085][T15164] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 516.731527][T15164] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 516.739493][T15164] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 516.747457][T15164] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 516.755421][T15164] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 516.763441][T15164] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 516.771821][T15164] memory: usage 307200kB, limit 307200kB, failcnt 26392 [ 516.778858][T15164] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 516.785698][T15164] Memory cgroup stats for /syz5: [ 516.785882][T15164] anon 300089344 [ 516.785882][T15164] file 98304 [ 516.785882][T15164] kernel_stack 1179648 [ 516.785882][T15164] slab 2854912 [ 516.785882][T15164] sock 0 [ 516.785882][T15164] shmem 0 [ 516.785882][T15164] file_mapped 0 [ 516.785882][T15164] file_dirty 0 [ 516.785882][T15164] file_writeback 0 [ 516.785882][T15164] anon_thp 283115520 [ 516.785882][T15164] inactive_anon 0 [ 516.785882][T15164] active_anon 300089344 [ 516.785882][T15164] inactive_file 0 [ 516.785882][T15164] active_file 0 [ 516.785882][T15164] unevictable 0 [ 516.785882][T15164] slab_reclaimable 405504 [ 516.785882][T15164] slab_unreclaimable 2449408 [ 516.785882][T15164] pgfault 35343 [ 516.785882][T15164] pgmajfault 0 [ 516.785882][T15164] workingset_refault 0 [ 516.785882][T15164] workingset_activate 0 [ 516.785882][T15164] workingset_nodereclaim 0 [ 516.785882][T15164] pgrefill 18394 11:56:53 executing program 3: 11:56:53 executing program 4: 11:56:53 executing program 1: r0 = socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 516.785882][T15164] pgscan 18429 [ 516.785882][T15164] pgsteal 34 [ 516.785882][T15164] pgactivate 18348 [ 516.881839][T15164] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15144,uid=0 [ 516.897472][T15164] Memory cgroup out of memory: Killed process 15144 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 11:56:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:53 executing program 1: r0 = socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x10d8) 11:56:53 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000040)={0x0, 0x0, 0x200}, 0x20) r4 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x200004) sendfile(r0, r4, 0x0, 0x80001d00c0d0) 11:56:53 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, &(0x7f0000000080)={0xffffffc1, 0x90}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:56:54 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 517.301857][T15197] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 517.312204][T15197] CPU: 1 PID: 15197 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 517.320127][T15197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.330366][T15197] Call Trace: [ 517.333665][T15197] dump_stack+0x11d/0x181 [ 517.338138][T15197] dump_header+0xaa/0x449 [ 517.342672][T15197] oom_kill_process.cold+0x10/0x15 [ 517.347798][T15197] out_of_memory+0x231/0xa00 [ 517.352431][T15197] mem_cgroup_out_of_memory+0x128/0x150 [ 517.357992][T15197] try_charge+0xb5c/0xbe0 [ 517.362357][T15197] mem_cgroup_try_charge+0xd2/0x260 [ 517.367590][T15197] mem_cgroup_try_charge_delay+0x3a/0x80 [ 517.373228][T15197] wp_page_copy+0x322/0x1120 [ 517.377908][T15197] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 517.383640][T15197] do_wp_page+0x192/0x11f0 [ 517.388060][T15197] ? __udelay+0x10/0x20 [ 517.392223][T15197] __handle_mm_fault+0x1ab1/0x2c70 [ 517.397439][T15197] handle_mm_fault+0x21b/0x530 [ 517.402215][T15197] __do_page_fault+0x456/0x8d0 [ 517.407193][T15197] ? cgroup_rstat_updated+0xbe/0x1e0 [ 517.412555][T15197] do_page_fault+0x38/0x194 [ 517.417071][T15197] page_fault+0x34/0x40 [ 517.421265][T15197] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 517.427961][T15197] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 517.447655][T15197] RSP: 0000:ffffc9000179fbc0 EFLAGS: 00010206 [ 517.453784][T15197] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 517.461875][T15197] RDX: 0000000000001000 RSI: ffff88811c03cb00 RDI: 0000000020505000 [ 517.469923][T15197] RBP: ffffc9000179fbf8 R08: ffff8880a70470c0 R09: 00008880a7047bd8 [ 517.477959][T15197] R10: 0000000000000001 R11: 00008880a7047bdf R12: 0000000020504500 [ 517.485927][T15197] R13: 0000000020505500 R14: 0000000000000000 R15: 00007ffffffff000 [ 517.493909][T15197] ? copyout+0xa5/0xb0 [ 517.497972][T15197] copy_page_to_iter+0x254/0x8b0 [ 517.502918][T15197] pipe_to_user+0x71/0xc0 [ 517.507243][T15197] __splice_from_pipe+0x248/0x480 [ 517.512258][T15197] ? iter_to_pipe+0x3f0/0x3f0 [ 517.516930][T15197] do_vmsplice.part.0+0x1c5/0x210 [ 517.522126][T15197] __do_sys_vmsplice+0x15f/0x1c0 [ 517.527069][T15197] ? __read_once_size+0x5a/0xe0 [ 517.531924][T15197] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 517.537643][T15197] ? _copy_to_user+0x84/0xb0 [ 517.542257][T15197] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 517.548641][T15197] ? put_timespec64+0x94/0xc0 [ 517.553310][T15197] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 517.559571][T15197] __x64_sys_vmsplice+0x5e/0x80 [ 517.564417][T15197] do_syscall_64+0xcc/0x370 [ 517.569004][T15197] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 517.574888][T15197] RIP: 0033:0x45a639 [ 517.578784][T15197] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 517.598390][T15197] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 517.606794][T15197] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 517.614867][T15197] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 517.622830][T15197] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 517.630797][T15197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 517.638772][T15197] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff 11:56:54 executing program 1: r0 = socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1100) [ 517.647559][T15197] memory: usage 307200kB, limit 307200kB, failcnt 26423 [ 517.654534][T15197] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 517.661689][T15197] Memory cgroup stats for /syz5: [ 517.661866][T15197] anon 299950080 [ 517.661866][T15197] file 98304 [ 517.661866][T15197] kernel_stack 1216512 [ 517.661866][T15197] slab 2854912 [ 517.661866][T15197] sock 0 [ 517.661866][T15197] shmem 0 [ 517.661866][T15197] file_mapped 0 [ 517.661866][T15197] file_dirty 0 [ 517.661866][T15197] file_writeback 0 [ 517.661866][T15197] anon_thp 281018368 [ 517.661866][T15197] inactive_anon 0 [ 517.661866][T15197] active_anon 299950080 [ 517.661866][T15197] inactive_file 0 [ 517.661866][T15197] active_file 0 [ 517.661866][T15197] unevictable 0 [ 517.661866][T15197] slab_reclaimable 405504 [ 517.661866][T15197] slab_unreclaimable 2449408 [ 517.661866][T15197] pgfault 36168 [ 517.661866][T15197] pgmajfault 0 [ 517.661866][T15197] workingset_refault 0 [ 517.661866][T15197] workingset_activate 0 [ 517.661866][T15197] workingset_nodereclaim 0 [ 517.661866][T15197] pgrefill 18394 [ 517.661866][T15197] pgscan 18429 [ 517.661866][T15197] pgsteal 34 [ 517.661866][T15197] pgactivate 18348 [ 517.758130][T15197] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10029,uid=0 [ 517.773810][T15197] Memory cgroup out of memory: Killed process 10029 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 11:56:54 executing program 4: openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480), 0x2, &(0x7f00000004c0)={&(0x7f00000008c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f00000002c0)=ANY=[@ANYBLOB="53e8f7c8502332c6a200"], 0x4) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x29) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000080)=0xcb, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) connect$inet6(r1, &(0x7f0000000080)={0xa, 0xfffc, 0x0, @remote, 0x6}, 0xfffffffffffffe33) socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000cc2fed)="130000003e0005ffffe3ffbd000026180a3f", 0x12) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r2, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) 11:56:54 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1200) 11:56:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:55 executing program 4: 11:56:55 executing program 3: 11:56:55 executing program 4: 11:56:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:55 executing program 4: 11:56:55 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:56:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1300) 11:56:55 executing program 3: 11:56:55 executing program 4: [ 518.848180][ C1] net_ratelimit: 22 callbacks suppressed [ 518.848190][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 518.859640][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 518.865406][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 518.871714][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:56:55 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:55 executing program 3: 11:56:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1400) 11:56:55 executing program 4: 11:56:55 executing program 3: 11:56:56 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:56 executing program 4: [ 519.495913][T15308] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 519.506163][T15308] CPU: 1 PID: 15308 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 519.514056][T15308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.524224][T15308] Call Trace: [ 519.527558][T15308] dump_stack+0x11d/0x181 [ 519.531887][T15308] dump_header+0xaa/0x449 [ 519.536279][T15308] oom_kill_process.cold+0x10/0x15 [ 519.541491][T15308] out_of_memory+0x231/0xa00 [ 519.546237][T15308] mem_cgroup_out_of_memory+0x128/0x150 [ 519.551784][T15308] try_charge+0xb5c/0xbe0 [ 519.556129][T15308] mem_cgroup_try_charge+0xd2/0x260 [ 519.561376][T15308] mem_cgroup_try_charge_delay+0x3a/0x80 [ 519.567085][T15308] wp_page_copy+0x322/0x1120 [ 519.571681][T15308] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 519.578049][T15308] do_wp_page+0x192/0x11f0 [ 519.582483][T15308] ? __udelay+0x10/0x20 [ 519.586707][T15308] ? __paravirt_pgd_alloc+0x10/0x10 [ 519.591936][T15308] __handle_mm_fault+0x1ab1/0x2c70 [ 519.597057][T15308] handle_mm_fault+0x21b/0x530 [ 519.601878][T15308] __do_page_fault+0x456/0x8d0 [ 519.606703][T15308] ? cgroup_rstat_updated+0xbe/0x1e0 [ 519.612011][T15308] do_page_fault+0x38/0x194 [ 519.616509][T15308] page_fault+0x34/0x40 [ 519.620660][T15308] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 519.627262][T15308] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 519.646912][T15308] RSP: 0018:ffffc900010e3bc0 EFLAGS: 00010206 [ 519.652985][T15308] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 519.660992][T15308] RDX: 0000000000001000 RSI: ffff8880a787db00 RDI: 000000002006d000 [ 519.669046][T15308] RBP: ffffc900010e3bf8 R08: ffff888097d6e0c0 R09: 0000888097d6ebd8 [ 519.677025][T15308] R10: 0000000000000000 R11: 0000888097d6ebdf R12: 000000002006c500 [ 519.684988][T15308] R13: 000000002006d500 R14: 0000000000000000 R15: 00007ffffffff000 [ 519.693167][T15308] ? copyout+0xa5/0xb0 [ 519.697230][T15308] copy_page_to_iter+0x254/0x8b0 [ 519.702167][T15308] pipe_to_user+0x71/0xc0 [ 519.706492][T15308] __splice_from_pipe+0x248/0x480 [ 519.711578][T15308] ? iter_to_pipe+0x3f0/0x3f0 [ 519.716364][T15308] do_vmsplice.part.0+0x1c5/0x210 [ 519.721387][T15308] __do_sys_vmsplice+0x15f/0x1c0 [ 519.726373][T15308] ? __read_once_size+0x5a/0xe0 [ 519.731219][T15308] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 519.737007][T15308] ? _copy_to_user+0x84/0xb0 [ 519.741595][T15308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 519.747922][T15308] ? put_timespec64+0x94/0xc0 [ 519.752594][T15308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 519.758832][T15308] __x64_sys_vmsplice+0x5e/0x80 [ 519.763752][T15308] do_syscall_64+0xcc/0x370 [ 519.768271][T15308] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.774155][T15308] RIP: 0033:0x45a639 [ 519.778051][T15308] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 519.797694][T15308] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 519.806559][T15308] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 519.814522][T15308] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 519.822502][T15308] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 519.830467][T15308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 519.838482][T15308] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 519.847707][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 519.853497][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 519.859297][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 519.865051][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 519.870827][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 519.876572][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 519.882357][T15308] memory: usage 307200kB, limit 307200kB, failcnt 26480 [ 519.889325][T15308] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 519.896158][T15308] Memory cgroup stats for /syz5: [ 519.896331][T15308] anon 299966464 [ 519.896331][T15308] file 98304 [ 519.896331][T15308] kernel_stack 1253376 [ 519.896331][T15308] slab 2854912 [ 519.896331][T15308] sock 0 [ 519.896331][T15308] shmem 0 [ 519.896331][T15308] file_mapped 0 [ 519.896331][T15308] file_dirty 0 [ 519.896331][T15308] file_writeback 0 [ 519.896331][T15308] anon_thp 281018368 [ 519.896331][T15308] inactive_anon 0 [ 519.896331][T15308] active_anon 299966464 [ 519.896331][T15308] inactive_file 0 [ 519.896331][T15308] active_file 0 [ 519.896331][T15308] unevictable 0 [ 519.896331][T15308] slab_reclaimable 405504 [ 519.896331][T15308] slab_unreclaimable 2449408 [ 519.896331][T15308] pgfault 36894 [ 519.896331][T15308] pgmajfault 0 [ 519.896331][T15308] workingset_refault 0 [ 519.896331][T15308] workingset_activate 0 [ 519.896331][T15308] workingset_nodereclaim 0 [ 519.896331][T15308] pgrefill 18394 [ 519.896331][T15308] pgscan 18462 [ 519.896331][T15308] pgsteal 34 [ 519.896331][T15308] pgactivate 18348 [ 519.992508][T15308] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9841,uid=0 [ 520.009014][T15308] Memory cgroup out of memory: Killed process 9841 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 520.031259][T15308] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 520.041443][T15308] CPU: 1 PID: 15308 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 520.049359][T15308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 520.059415][T15308] Call Trace: [ 520.062706][T15308] dump_stack+0x11d/0x181 [ 520.067168][T15308] dump_header+0xaa/0x449 [ 520.071513][T15308] oom_kill_process.cold+0x10/0x15 [ 520.076635][T15308] out_of_memory+0x231/0xa00 [ 520.081227][T15308] mem_cgroup_out_of_memory+0x128/0x150 [ 520.086772][T15308] try_charge+0xb5c/0xbe0 [ 520.091123][T15308] mem_cgroup_try_charge+0xd2/0x260 [ 520.096400][T15308] mem_cgroup_try_charge_delay+0x3a/0x80 [ 520.102050][T15308] wp_page_copy+0x322/0x1120 [ 520.106655][T15308] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 520.112409][T15308] do_wp_page+0x192/0x11f0 [ 520.116829][T15308] ? check_preempt_curr_rt+0x10d/0x120 [ 520.122330][T15308] __handle_mm_fault+0x1ab1/0x2c70 [ 520.127485][T15308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 520.133757][T15308] handle_mm_fault+0x21b/0x530 [ 520.138521][T15308] __do_page_fault+0x456/0x8d0 [ 520.143280][T15308] do_page_fault+0x38/0x194 [ 520.147777][T15308] page_fault+0x34/0x40 [ 520.151925][T15308] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 520.158553][T15308] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 520.178182][T15308] RSP: 0018:ffffc900010e3bc0 EFLAGS: 00010206 [ 520.184410][T15308] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 520.192375][T15308] RDX: 0000000000001000 RSI: ffff8880a787db00 RDI: 0000000020075000 [ 520.200338][T15308] RBP: ffffc900010e3bf8 R08: ffff888097d6e0c0 R09: 0000888097d6ebd8 [ 520.208301][T15308] R10: 0000000000000001 R11: 0000888097d6ebdf R12: 0000000020074500 [ 520.216351][T15308] R13: 0000000020075500 R14: 0000000000000000 R15: 00007ffffffff000 [ 520.224333][T15308] ? copyout+0xa5/0xb0 [ 520.228451][T15308] copy_page_to_iter+0x254/0x8b0 [ 520.233384][T15308] pipe_to_user+0x71/0xc0 [ 520.237710][T15308] __splice_from_pipe+0x248/0x480 [ 520.242726][T15308] ? iter_to_pipe+0x3f0/0x3f0 [ 520.247516][T15308] do_vmsplice.part.0+0x1c5/0x210 [ 520.252541][T15308] __do_sys_vmsplice+0x15f/0x1c0 [ 520.257493][T15308] ? __read_once_size+0x5a/0xe0 [ 520.262345][T15308] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 520.268058][T15308] ? _copy_to_user+0x84/0xb0 [ 520.272725][T15308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 520.279030][T15308] ? put_timespec64+0x94/0xc0 [ 520.283698][T15308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 520.290069][T15308] __x64_sys_vmsplice+0x5e/0x80 [ 520.294926][T15308] do_syscall_64+0xcc/0x370 [ 520.299435][T15308] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 520.305320][T15308] RIP: 0033:0x45a639 [ 520.309213][T15308] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 520.329085][T15308] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 520.337490][T15308] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 520.345832][T15308] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 520.353807][T15308] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 520.361813][T15308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 520.369858][T15308] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 520.377941][T15308] memory: usage 307200kB, limit 307200kB, failcnt 26506 [ 520.384907][T15308] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 520.391754][T15308] Memory cgroup stats for /syz5: [ 520.392019][T15308] anon 299966464 [ 520.392019][T15308] file 98304 [ 520.392019][T15308] kernel_stack 1253376 [ 520.392019][T15308] slab 2854912 [ 520.392019][T15308] sock 0 [ 520.392019][T15308] shmem 0 [ 520.392019][T15308] file_mapped 0 [ 520.392019][T15308] file_dirty 0 [ 520.392019][T15308] file_writeback 0 [ 520.392019][T15308] anon_thp 281018368 [ 520.392019][T15308] inactive_anon 0 [ 520.392019][T15308] active_anon 299966464 [ 520.392019][T15308] inactive_file 0 [ 520.392019][T15308] active_file 0 [ 520.392019][T15308] unevictable 0 [ 520.392019][T15308] slab_reclaimable 405504 [ 520.392019][T15308] slab_unreclaimable 2449408 [ 520.392019][T15308] pgfault 36894 [ 520.392019][T15308] pgmajfault 0 [ 520.392019][T15308] workingset_refault 0 [ 520.392019][T15308] workingset_activate 0 [ 520.392019][T15308] workingset_nodereclaim 0 [ 520.392019][T15308] pgrefill 18427 [ 520.392019][T15308] pgscan 18462 [ 520.392019][T15308] pgsteal 34 [ 520.392019][T15308] pgactivate 18348 [ 520.488106][T15308] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9709,uid=0 [ 520.504367][T15308] Memory cgroup out of memory: Killed process 9709 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 521.626958][ T1069] oom_reaper: reaped process 9709 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:56:58 executing program 4: 11:56:58 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:56:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1500) 11:56:58 executing program 3: 11:56:58 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:58 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:58 executing program 4: 11:56:58 executing program 3: 11:56:58 executing program 4: 11:56:58 executing program 3: 11:56:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1600) 11:56:59 executing program 4: 11:56:59 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:56:59 executing program 4: 11:56:59 executing program 3: 11:56:59 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:56:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:56:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1700) 11:56:59 executing program 3: 11:56:59 executing program 4: 11:57:00 executing program 3: 11:57:00 executing program 4: 11:57:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:00 executing program 3: 11:57:00 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1800) 11:57:00 executing program 4: 11:57:00 executing program 3: 11:57:00 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:00 executing program 3: 11:57:00 executing program 4: [ 523.968141][ C1] net_ratelimit: 18 callbacks suppressed [ 523.968153][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 523.979627][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 523.985394][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 523.991172][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 523.996928][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 524.002697][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:00 executing program 3: [ 524.128134][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 524.133920][ C0] protocol 88fb is buggy, dev hsr_slave_1 11:57:01 executing program 4: 11:57:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1900) [ 524.510127][T15460] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 524.520546][T15460] CPU: 0 PID: 15460 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 524.528445][T15460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.538500][T15460] Call Trace: [ 524.541799][T15460] dump_stack+0x11d/0x181 [ 524.546145][T15460] dump_header+0xaa/0x449 [ 524.550563][T15460] oom_kill_process.cold+0x10/0x15 [ 524.555845][T15460] out_of_memory+0x231/0xa00 [ 524.560543][T15460] mem_cgroup_out_of_memory+0x128/0x150 [ 524.566151][T15460] try_charge+0xb5c/0xbe0 [ 524.570503][T15460] mem_cgroup_try_charge+0xd2/0x260 [ 524.575772][T15460] mem_cgroup_try_charge_delay+0x3a/0x80 [ 524.581438][T15460] wp_page_copy+0x322/0x1120 [ 524.586033][T15460] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 524.591829][T15460] do_wp_page+0x192/0x11f0 [ 524.596279][T15460] ? __udelay+0x10/0x20 [ 524.600431][T15460] ? __paravirt_pgd_alloc+0x10/0x10 [ 524.605668][T15460] __handle_mm_fault+0x1ab1/0x2c70 [ 524.610905][T15460] ? delay_tsc+0x8f/0xc0 [ 524.615153][T15460] handle_mm_fault+0x21b/0x530 [ 524.619978][T15460] __do_page_fault+0x456/0x8d0 [ 524.625201][T15460] ? cgroup_rstat_updated+0xbe/0x1e0 [ 524.630487][T15460] do_page_fault+0x38/0x194 [ 524.635939][T15460] page_fault+0x34/0x40 [ 524.640092][T15460] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 524.646680][T15460] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 524.672475][T15460] RSP: 0018:ffffc90001983bc0 EFLAGS: 00010206 [ 524.678588][T15460] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 524.686554][T15460] RDX: 0000000000001000 RSI: ffff88809e2a7b00 RDI: 0000000020121000 [ 524.694614][T15460] RBP: ffffc90001983bf8 R08: ffff8880a7078000 R09: 00008880a7078b18 [ 524.702713][T15460] R10: 0000000000000000 R11: 00008880a7078b1f R12: 0000000020120500 [ 524.710685][T15460] R13: 0000000020121500 R14: 0000000000000000 R15: 00007ffffffff000 [ 524.718715][T15460] ? copyout+0xa5/0xb0 [ 524.722783][T15460] copy_page_to_iter+0x254/0x8b0 [ 524.727719][T15460] pipe_to_user+0x71/0xc0 [ 524.732082][T15460] __splice_from_pipe+0x248/0x480 [ 524.737180][T15460] ? iter_to_pipe+0x3f0/0x3f0 [ 524.741862][T15460] do_vmsplice.part.0+0x1c5/0x210 [ 524.746887][T15460] __do_sys_vmsplice+0x15f/0x1c0 [ 524.751824][T15460] ? __read_once_size+0x5a/0xe0 [ 524.756672][T15460] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 524.762483][T15460] ? _copy_to_user+0x84/0xb0 [ 524.767157][T15460] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 524.773406][T15460] ? put_timespec64+0x94/0xc0 [ 524.778075][T15460] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 524.784311][T15460] __x64_sys_vmsplice+0x5e/0x80 [ 524.789162][T15460] do_syscall_64+0xcc/0x370 [ 524.793784][T15460] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 524.799718][T15460] RIP: 0033:0x45a639 [ 524.803682][T15460] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 524.823289][T15460] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 524.831693][T15460] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 524.839742][T15460] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 524.847878][T15460] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 524.855841][T15460] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 524.863820][T15460] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 524.872055][T15460] memory: usage 307200kB, limit 307200kB, failcnt 32562 [ 524.879035][T15460] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 524.885875][T15460] Memory cgroup stats for /syz5: [ 524.886131][T15460] anon 299618304 [ 524.886131][T15460] file 98304 [ 524.886131][T15460] kernel_stack 1216512 [ 524.886131][T15460] slab 2994176 [ 524.886131][T15460] sock 0 [ 524.886131][T15460] shmem 0 [ 524.886131][T15460] file_mapped 0 [ 524.886131][T15460] file_dirty 0 [ 524.886131][T15460] file_writeback 0 [ 524.886131][T15460] anon_thp 278921216 [ 524.886131][T15460] inactive_anon 0 [ 524.886131][T15460] active_anon 299638784 [ 524.886131][T15460] inactive_file 0 [ 524.886131][T15460] active_file 0 [ 524.886131][T15460] unevictable 0 [ 524.886131][T15460] slab_reclaimable 405504 [ 524.886131][T15460] slab_unreclaimable 2588672 [ 524.886131][T15460] pgfault 38577 [ 524.886131][T15460] pgmajfault 0 [ 524.886131][T15460] workingset_refault 0 [ 524.886131][T15460] workingset_activate 0 [ 524.886131][T15460] workingset_nodereclaim 0 [ 524.886131][T15460] pgrefill 21331 [ 524.886131][T15460] pgscan 21333 [ 524.886131][T15460] pgsteal 67 [ 524.886131][T15460] pgactivate 21252 [ 524.982344][T15460] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9690,uid=0 [ 524.997818][T15460] Memory cgroup out of memory: Killed process 9690 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 525.019688][T15460] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 525.029918][T15460] CPU: 0 PID: 15460 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 525.037826][T15460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 525.047886][T15460] Call Trace: [ 525.051180][T15460] dump_stack+0x11d/0x181 [ 525.055512][T15460] dump_header+0xaa/0x449 [ 525.059929][T15460] oom_kill_process.cold+0x10/0x15 [ 525.065063][T15460] out_of_memory+0x231/0xa00 [ 525.069788][T15460] mem_cgroup_out_of_memory+0x128/0x150 [ 525.075340][T15460] try_charge+0xb5c/0xbe0 [ 525.079767][T15460] mem_cgroup_try_charge+0xd2/0x260 [ 525.084990][T15460] mem_cgroup_try_charge_delay+0x3a/0x80 [ 525.090638][T15460] wp_page_copy+0x322/0x1120 [ 525.095245][T15460] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 525.100976][T15460] do_wp_page+0x192/0x11f0 [ 525.105388][T15460] ? osq_unlock+0x45/0x120 [ 525.109827][T15460] __handle_mm_fault+0x1ab1/0x2c70 [ 525.114984][T15460] handle_mm_fault+0x21b/0x530 [ 525.119774][T15460] __do_page_fault+0x456/0x8d0 [ 525.124531][T15460] ? cgroup_rstat_updated+0xbe/0x1e0 [ 525.129850][T15460] do_page_fault+0x38/0x194 [ 525.134346][T15460] page_fault+0x34/0x40 [ 525.138554][T15460] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 525.145163][T15460] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 525.164774][T15460] RSP: 0018:ffffc90001983bc0 EFLAGS: 00010206 [ 525.170847][T15460] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 525.178809][T15460] RDX: 0000000000001000 RSI: ffff88809e2a7b00 RDI: 000000002012d000 [ 525.186784][T15460] RBP: ffffc90001983bf8 R08: ffff8880a7078000 R09: 00008880a7078b18 [ 525.194936][T15460] R10: 0000000000000001 R11: 00008880a7078b1f R12: 000000002012c500 [ 525.202898][T15460] R13: 000000002012d500 R14: 0000000000000000 R15: 00007ffffffff000 [ 525.210887][T15460] ? copyout+0xa5/0xb0 [ 525.214954][T15460] copy_page_to_iter+0x254/0x8b0 [ 525.219965][T15460] pipe_to_user+0x71/0xc0 [ 525.225502][T15460] __splice_from_pipe+0x248/0x480 [ 525.230518][T15460] ? iter_to_pipe+0x3f0/0x3f0 [ 525.235190][T15460] do_vmsplice.part.0+0x1c5/0x210 [ 525.240268][T15460] __do_sys_vmsplice+0x15f/0x1c0 [ 525.245202][T15460] ? __read_once_size+0x5a/0xe0 [ 525.250050][T15460] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 525.255825][T15460] ? _copy_to_user+0x84/0xb0 [ 525.260417][T15460] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 525.266646][T15460] ? put_timespec64+0x94/0xc0 [ 525.271344][T15460] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 525.277671][T15460] __x64_sys_vmsplice+0x5e/0x80 [ 525.282525][T15460] do_syscall_64+0xcc/0x370 [ 525.287027][T15460] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 525.293024][T15460] RIP: 0033:0x45a639 [ 525.296919][T15460] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 525.316543][T15460] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 525.324955][T15460] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 525.332919][T15460] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 525.340881][T15460] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 525.349018][T15460] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 11:57:02 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:02 executing program 3: 11:57:02 executing program 4: 11:57:02 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 525.357071][T15460] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 525.365145][T15460] memory: usage 299048kB, limit 307200kB, failcnt 32596 [ 525.372125][T15460] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 525.381345][T15460] Memory cgroup stats for /syz5: [ 525.381582][T15460] anon 291389440 [ 525.381582][T15460] file 98304 [ 525.381582][T15460] kernel_stack 1253376 [ 525.381582][T15460] slab 2994176 [ 525.381582][T15460] sock 0 [ 525.381582][T15460] shmem 0 [ 525.381582][T15460] file_mapped 0 [ 525.381582][T15460] file_dirty 0 [ 525.381582][T15460] file_writeback 0 [ 525.381582][T15460] anon_thp 270532608 [ 525.381582][T15460] inactive_anon 0 [ 525.381582][T15460] active_anon 291274752 [ 525.381582][T15460] inactive_file 0 [ 525.381582][T15460] active_file 0 [ 525.381582][T15460] unevictable 0 [ 525.381582][T15460] slab_reclaimable 405504 [ 525.381582][T15460] slab_unreclaimable 2588672 [ 525.381582][T15460] pgfault 38610 [ 525.381582][T15460] pgmajfault 0 [ 525.381582][T15460] workingset_refault 0 [ 525.381582][T15460] workingset_activate 0 [ 525.381582][T15460] workingset_nodereclaim 0 [ 525.381582][T15460] pgrefill 21331 [ 525.381582][T15460] pgscan 21333 [ 525.381582][T15460] pgsteal 67 [ 525.381582][T15460] pgactivate 21252 [ 525.383686][ T1069] oom_reaper: reaped process 9690 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 525.386574][T15460] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9626,uid=0 [ 525.503887][T15460] Memory cgroup out of memory: Killed process 9626 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 11:57:02 executing program 4: 11:57:02 executing program 3: [ 525.728128][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 525.733942][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x0, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:02 executing program 4: 11:57:02 executing program 3: 11:57:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1a00) 11:57:02 executing program 4: 11:57:03 executing program 3: 11:57:03 executing program 3: 11:57:03 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:03 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:03 executing program 4: 11:57:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1b00) 11:57:03 executing program 4: 11:57:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x0, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:03 executing program 3: 11:57:03 executing program 4: 11:57:03 executing program 3: 11:57:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1c00) 11:57:03 executing program 4: 11:57:04 executing program 3: 11:57:04 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:04 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:04 executing program 4: 11:57:04 executing program 3: 11:57:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1d00) 11:57:04 executing program 3: 11:57:04 executing program 4: 11:57:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x0, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1e00) 11:57:04 executing program 3: [ 527.979846][T15585] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 527.990203][T15585] CPU: 0 PID: 15585 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 527.998139][T15585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.008633][T15585] Call Trace: [ 528.012072][T15585] dump_stack+0x11d/0x181 [ 528.016462][T15585] dump_header+0xaa/0x449 [ 528.022500][T15585] oom_kill_process.cold+0x10/0x15 [ 528.027619][T15585] out_of_memory+0x231/0xa00 [ 528.033355][T15585] mem_cgroup_out_of_memory+0x128/0x150 [ 528.038924][T15585] try_charge+0xb5c/0xbe0 [ 528.043347][T15585] mem_cgroup_try_charge+0xd2/0x260 [ 528.048563][T15585] mem_cgroup_try_charge_delay+0x3a/0x80 [ 528.054249][T15585] wp_page_copy+0x322/0x1120 [ 528.058958][T15585] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 528.064691][T15585] do_wp_page+0x192/0x11f0 [ 528.069119][T15585] ? __handle_mm_fault+0x14c/0x2c70 [ 528.074345][T15585] __handle_mm_fault+0x1ab1/0x2c70 [ 528.079562][T15585] handle_mm_fault+0x21b/0x530 [ 528.084335][T15585] __do_page_fault+0x456/0x8d0 [ 528.089103][T15585] ? cgroup_rstat_updated+0xbe/0x1e0 [ 528.094410][T15585] do_page_fault+0x38/0x194 [ 528.098978][T15585] page_fault+0x34/0x40 [ 528.103152][T15585] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 528.109755][T15585] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 528.129371][T15585] RSP: 0018:ffffc90001eb3bc0 EFLAGS: 00010206 [ 528.135431][T15585] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 528.143397][T15585] RDX: 0000000000001000 RSI: ffff88811fa7eb00 RDI: 000000002016a000 [ 528.151435][T15585] RBP: ffffc90001eb3bf8 R08: ffff8880992cc100 R09: 00008880992ccc18 [ 528.159397][T15585] R10: 0000000000000000 R11: 00008880992ccc1f R12: 0000000020169500 [ 528.167362][T15585] R13: 000000002016a500 R14: 0000000000000000 R15: 00007ffffffff000 [ 528.175361][T15585] ? copyout+0xa5/0xb0 [ 528.179454][T15585] copy_page_to_iter+0x254/0x8b0 [ 528.184388][T15585] pipe_to_user+0x71/0xc0 [ 528.188716][T15585] __splice_from_pipe+0x248/0x480 [ 528.193815][T15585] ? iter_to_pipe+0x3f0/0x3f0 [ 528.198582][T15585] do_vmsplice.part.0+0x1c5/0x210 [ 528.203735][T15585] __do_sys_vmsplice+0x15f/0x1c0 [ 528.208672][T15585] ? __read_once_size+0x5a/0xe0 [ 528.213617][T15585] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 528.219468][T15585] ? _copy_to_user+0x84/0xb0 [ 528.224145][T15585] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 528.230414][T15585] ? put_timespec64+0x94/0xc0 [ 528.235181][T15585] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 528.241420][T15585] __x64_sys_vmsplice+0x5e/0x80 [ 528.246306][T15585] do_syscall_64+0xcc/0x370 [ 528.250803][T15585] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 528.256689][T15585] RIP: 0033:0x45a639 [ 528.260717][T15585] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 528.280321][T15585] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 528.288821][T15585] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 528.296785][T15585] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 528.304778][T15585] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 528.312795][T15585] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 528.320759][T15585] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff 11:57:05 executing program 4: [ 528.329073][T15585] memory: usage 307200kB, limit 307200kB, failcnt 32624 [ 528.336034][T15585] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 528.342939][T15585] Memory cgroup stats for /syz5: [ 528.343149][T15585] anon 299851776 [ 528.343149][T15585] file 98304 [ 528.343149][T15585] kernel_stack 1179648 [ 528.343149][T15585] slab 2994176 [ 528.343149][T15585] sock 0 [ 528.343149][T15585] shmem 0 [ 528.343149][T15585] file_mapped 0 [ 528.343149][T15585] file_dirty 0 [ 528.343149][T15585] file_writeback 0 [ 528.343149][T15585] anon_thp 278921216 [ 528.343149][T15585] inactive_anon 0 [ 528.343149][T15585] active_anon 299851776 [ 528.343149][T15585] inactive_file 0 [ 528.343149][T15585] active_file 0 [ 528.343149][T15585] unevictable 0 [ 528.343149][T15585] slab_reclaimable 405504 [ 528.343149][T15585] slab_unreclaimable 2588672 [ 528.343149][T15585] pgfault 39699 [ 528.343149][T15585] pgmajfault 0 [ 528.343149][T15585] workingset_refault 0 [ 528.343149][T15585] workingset_activate 0 [ 528.343149][T15585] workingset_nodereclaim 0 [ 528.343149][T15585] pgrefill 21331 [ 528.343149][T15585] pgscan 21333 [ 528.343149][T15585] pgsteal 67 [ 528.343149][T15585] pgactivate 21252 [ 528.440362][T15585] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15540,uid=0 [ 528.455846][T15585] Memory cgroup out of memory: Killed process 15540 (syz-executor.5) total-vm:72980kB, anon-rss:16564kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 528.478280][T15577] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 528.488493][T15577] CPU: 1 PID: 15577 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 528.496445][T15577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.506511][T15577] Call Trace: [ 528.509858][T15577] dump_stack+0x11d/0x181 [ 528.514211][T15577] dump_header+0xaa/0x449 [ 528.518549][T15577] oom_kill_process.cold+0x10/0x15 [ 528.523656][T15577] out_of_memory+0x231/0xa00 [ 528.528320][T15577] mem_cgroup_out_of_memory+0x128/0x150 [ 528.533911][T15577] try_charge+0xb5c/0xbe0 [ 528.538308][T15577] ? __rcu_read_unlock+0x66/0x3c0 [ 528.543332][T15577] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 528.548785][T15577] ? get_mem_cgroup_from_mm+0xb6/0x1c0 [ 528.554505][T15577] __memcg_kmem_charge+0xde/0x240 [ 528.559636][T15577] ? __mod_memcg_state+0x9a/0x120 [ 528.564714][T15577] copy_process+0x11d2/0x3b50 [ 528.569453][T15577] ? record_times+0x16/0x90 [ 528.573968][T15577] ? psi_task_change+0x1ad/0x2d0 [ 528.578924][T15577] _do_fork+0xfe/0x6e0 [ 528.583028][T15577] ? preempt_count_add+0x48/0xb0 [ 528.588309][T15577] ? blkcg_maybe_throttle_current+0x472/0x610 [ 528.594381][T15577] ? percpu_ref_put_many+0x78/0xc0 [ 528.600315][T15577] __x64_sys_clone+0x12b/0x160 [ 528.605172][T15577] do_syscall_64+0xcc/0x370 [ 528.609690][T15577] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 528.615571][T15577] RIP: 0033:0x45d009 [ 528.619660][T15577] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 528.639255][T15577] RSP: 002b:00007ffd5a083408 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 528.647781][T15577] RAX: ffffffffffffffda RBX: 00007fae92927700 RCX: 000000000045d009 [ 528.655802][T15577] RDX: 00007fae929279d0 RSI: 00007fae92926db0 RDI: 00000000003d0f00 [ 528.663767][T15577] RBP: 00007ffd5a083620 R08: 00007fae92927700 R09: 00007fae92927700 [ 528.672767][T15577] R10: 00007fae929279d0 R11: 0000000000000202 R12: 0000000000000000 [ 528.680771][T15577] R13: 00007ffd5a0834bf R14: 00007fae929279c0 R15: 000000000075c124 [ 528.688830][T15577] memory: usage 307200kB, limit 307200kB, failcnt 32655 [ 528.695753][T15577] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 528.702668][T15577] Memory cgroup stats for /syz5: [ 528.702831][T15577] anon 299986944 [ 528.702831][T15577] file 98304 [ 528.702831][T15577] kernel_stack 1216512 [ 528.702831][T15577] slab 2994176 [ 528.702831][T15577] sock 0 [ 528.702831][T15577] shmem 0 [ 528.702831][T15577] file_mapped 0 [ 528.702831][T15577] file_dirty 0 [ 528.702831][T15577] file_writeback 0 [ 528.702831][T15577] anon_thp 278921216 [ 528.702831][T15577] inactive_anon 0 [ 528.702831][T15577] active_anon 299986944 [ 528.702831][T15577] inactive_file 0 [ 528.702831][T15577] active_file 0 [ 528.702831][T15577] unevictable 0 [ 528.702831][T15577] slab_reclaimable 405504 [ 528.702831][T15577] slab_unreclaimable 2588672 [ 528.702831][T15577] pgfault 39732 [ 528.702831][T15577] pgmajfault 0 [ 528.702831][T15577] workingset_refault 0 [ 528.702831][T15577] workingset_activate 0 [ 528.702831][T15577] workingset_nodereclaim 0 [ 528.702831][T15577] pgrefill 21331 [ 528.702831][T15577] pgscan 21366 [ 528.702831][T15577] pgsteal 67 [ 528.702831][T15577] pgactivate 21252 [ 528.799007][T15577] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10334,uid=0 [ 528.814779][T15577] Memory cgroup out of memory: Killed process 10334 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 11:57:06 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 529.650880][ T1069] oom_reaper: reaped process 10334 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 11:57:06 executing program 3: [ 529.898172][ C1] net_ratelimit: 22 callbacks suppressed [ 529.898183][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 529.909694][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 529.915453][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 529.921227][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:06 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:06 executing program 4: 11:57:06 executing program 3: 11:57:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1f00) 11:57:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:07 executing program 4: 11:57:07 executing program 3: [ 530.368155][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 530.368163][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 530.368194][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 530.373944][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 530.379686][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 530.396860][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x2100) 11:57:07 executing program 4: 11:57:07 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:07 executing program 3: 11:57:07 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:07 executing program 4: 11:57:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x2600) 11:57:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, 0x0, 0x0) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:07 executing program 3: 11:57:08 executing program 4: 11:57:08 executing program 3: 11:57:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, 0x0, 0x0) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:08 executing program 4: 11:57:08 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x2e00) 11:57:08 executing program 3: 11:57:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, 0x0, 0x0) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:08 executing program 4: 11:57:08 executing program 3: r0 = socket$inet(0x10, 0x2, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r2, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000020207051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 11:57:08 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x3600) 11:57:08 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0x40000000e, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, [], {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000500)=[{&(0x7f0000000080)=""/157, 0x9d}, {&(0x7f0000000140)=""/95, 0x5f}, {&(0x7f00000001c0)=""/1, 0x1}, {0x0}], 0x4) 11:57:08 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) [ 532.189598][T15737] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 532.200003][T15737] CPU: 0 PID: 15737 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 532.207936][T15737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.218025][T15737] Call Trace: [ 532.221396][T15737] dump_stack+0x11d/0x181 [ 532.225747][T15737] dump_header+0xaa/0x449 [ 532.230157][T15737] oom_kill_process.cold+0x10/0x15 [ 532.235282][T15737] out_of_memory+0x231/0xa00 [ 532.239906][T15737] mem_cgroup_out_of_memory+0x128/0x150 [ 532.245496][T15737] try_charge+0xb5c/0xbe0 [ 532.249852][T15737] mem_cgroup_try_charge+0xd2/0x260 [ 532.255112][T15737] mem_cgroup_try_charge_delay+0x3a/0x80 [ 532.260756][T15737] wp_page_copy+0x322/0x1120 [ 532.265457][T15737] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 532.271188][T15737] do_wp_page+0x192/0x11f0 [ 532.275614][T15737] ? __udelay+0x10/0x20 [ 532.279821][T15737] ? __paravirt_pgd_alloc+0x10/0x10 [ 532.285082][T15737] __handle_mm_fault+0x1ab1/0x2c70 [ 532.290216][T15737] handle_mm_fault+0x21b/0x530 [ 532.294995][T15737] __do_page_fault+0x456/0x8d0 [ 532.299754][T15737] ? cgroup_rstat_updated+0xbe/0x1e0 [ 532.305034][T15737] do_page_fault+0x38/0x194 [ 532.309552][T15737] page_fault+0x34/0x40 [ 532.313703][T15737] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 532.320309][T15737] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 532.339912][T15737] RSP: 0018:ffffc9000249bbc0 EFLAGS: 00010206 [ 532.346027][T15737] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 532.354114][T15737] RDX: 0000000000001000 RSI: ffff88809ad67b00 RDI: 0000000020318000 [ 532.362081][T15737] RBP: ffffc9000249bbf8 R08: ffff88811e102080 R09: 000088811e102b98 [ 532.370064][T15737] R10: 0000000000000000 R11: 000088811e102b9f R12: 0000000020317500 [ 532.378028][T15737] R13: 0000000020318500 R14: 0000000000000000 R15: 00007ffffffff000 [ 532.386154][T15737] ? copyout+0xa5/0xb0 [ 532.390219][T15737] copy_page_to_iter+0x254/0x8b0 [ 532.395249][T15737] pipe_to_user+0x71/0xc0 [ 532.399586][T15737] __splice_from_pipe+0x248/0x480 [ 532.404674][T15737] ? iter_to_pipe+0x3f0/0x3f0 [ 532.409728][T15737] do_vmsplice.part.0+0x1c5/0x210 [ 532.414746][T15737] __do_sys_vmsplice+0x15f/0x1c0 [ 532.419766][T15737] ? __read_once_size+0x5a/0xe0 [ 532.424734][T15737] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 532.430467][T15737] ? _copy_to_user+0x84/0xb0 [ 532.435070][T15737] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 532.441330][T15737] ? put_timespec64+0x94/0xc0 [ 532.446000][T15737] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 532.452235][T15737] __x64_sys_vmsplice+0x5e/0x80 [ 532.457101][T15737] do_syscall_64+0xcc/0x370 [ 532.461748][T15737] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 532.467640][T15737] RIP: 0033:0x45a639 [ 532.478063][T15737] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 532.497682][T15737] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 532.506099][T15737] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 532.514065][T15737] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 532.522028][T15737] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 532.530006][T15737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 532.538054][T15737] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 532.546225][T15737] memory: usage 307200kB, limit 307200kB, failcnt 36937 [ 532.553193][T15737] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 532.560201][T15737] Memory cgroup stats for /syz5: [ 532.560382][T15737] anon 299626496 [ 532.560382][T15737] file 98304 [ 532.560382][T15737] kernel_stack 1216512 [ 532.560382][T15737] slab 2994176 [ 532.560382][T15737] sock 0 [ 532.560382][T15737] shmem 0 [ 532.560382][T15737] file_mapped 0 [ 532.560382][T15737] file_dirty 0 [ 532.560382][T15737] file_writeback 0 [ 532.560382][T15737] anon_thp 278921216 [ 532.560382][T15737] inactive_anon 0 [ 532.560382][T15737] active_anon 299626496 [ 532.560382][T15737] inactive_file 0 [ 532.560382][T15737] active_file 0 [ 532.560382][T15737] unevictable 0 [ 532.560382][T15737] slab_reclaimable 405504 [ 532.560382][T15737] slab_unreclaimable 2588672 [ 532.560382][T15737] pgfault 40788 [ 532.560382][T15737] pgmajfault 0 [ 532.560382][T15737] workingset_refault 0 [ 532.560382][T15737] workingset_activate 0 [ 532.560382][T15737] workingset_nodereclaim 0 [ 532.560382][T15737] pgrefill 23377 [ 532.560382][T15737] pgscan 23412 [ 532.560382][T15737] pgsteal 67 [ 532.560382][T15737] pgactivate 23331 [ 532.656445][T15737] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15705,uid=0 [ 532.671946][T15737] Memory cgroup out of memory: Killed process 15705 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 532.694603][T15737] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 532.704828][T15737] CPU: 0 PID: 15737 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 532.712732][T15737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.722838][T15737] Call Trace: [ 532.726240][T15737] dump_stack+0x11d/0x181 [ 532.730565][T15737] dump_header+0xaa/0x449 [ 532.735027][T15737] oom_kill_process.cold+0x10/0x15 [ 532.740150][T15737] out_of_memory+0x231/0xa00 [ 532.744753][T15737] mem_cgroup_out_of_memory+0x128/0x150 [ 532.750354][T15737] try_charge+0xb5c/0xbe0 [ 532.754708][T15737] mem_cgroup_try_charge+0xd2/0x260 [ 532.759986][T15737] mem_cgroup_try_charge_delay+0x3a/0x80 [ 532.765656][T15737] wp_page_copy+0x322/0x1120 [ 532.770281][T15737] ? __udelay+0x10/0x20 [ 532.774458][T15737] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 532.780264][T15737] do_wp_page+0x192/0x11f0 [ 532.784689][T15737] ? __udelay+0x10/0x20 [ 532.788849][T15737] ? __paravirt_pgd_alloc+0x10/0x10 [ 532.794086][T15737] __handle_mm_fault+0x1ab1/0x2c70 [ 532.799225][T15737] handle_mm_fault+0x21b/0x530 [ 532.804095][T15737] __do_page_fault+0x456/0x8d0 [ 532.808873][T15737] ? cgroup_rstat_updated+0xbe/0x1e0 [ 532.814184][T15737] do_page_fault+0x38/0x194 [ 532.818688][T15737] page_fault+0x34/0x40 [ 532.822854][T15737] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 532.829446][T15737] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 532.849056][T15737] RSP: 0018:ffffc9000249bbc0 EFLAGS: 00010206 [ 532.855130][T15737] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 532.863188][T15737] RDX: 0000000000001000 RSI: ffff88809ad67b00 RDI: 0000000020326000 [ 532.871163][T15737] RBP: ffffc9000249bbf8 R08: ffff88811e102080 R09: 000088811e102b98 [ 532.879134][T15737] R10: 0000000000000001 R11: 000088811e102b9f R12: 0000000020325500 [ 532.887104][T15737] R13: 0000000020326500 R14: 0000000000000000 R15: 00007ffffffff000 [ 532.895121][T15737] ? copyout+0xa5/0xb0 [ 532.899207][T15737] copy_page_to_iter+0x254/0x8b0 [ 532.904228][T15737] pipe_to_user+0x71/0xc0 [ 532.908633][T15737] __splice_from_pipe+0x248/0x480 [ 532.913675][T15737] ? iter_to_pipe+0x3f0/0x3f0 [ 532.918365][T15737] do_vmsplice.part.0+0x1c5/0x210 [ 532.923657][T15737] __do_sys_vmsplice+0x15f/0x1c0 [ 532.928676][T15737] ? __read_once_size+0x5a/0xe0 [ 532.933530][T15737] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 532.939253][T15737] ? _copy_to_user+0x84/0xb0 [ 532.943995][T15737] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 532.950247][T15737] ? put_timespec64+0x94/0xc0 [ 532.954959][T15737] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 532.961205][T15737] __x64_sys_vmsplice+0x5e/0x80 [ 532.966056][T15737] do_syscall_64+0xcc/0x370 [ 532.970635][T15737] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 532.976581][T15737] RIP: 0033:0x45a639 [ 532.980472][T15737] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 533.000113][T15737] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 533.008524][T15737] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 533.016492][T15737] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 533.024456][T15737] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 533.032503][T15737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 11:57:09 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:09 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 533.040561][T15737] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 533.048850][T15737] memory: usage 298784kB, limit 307200kB, failcnt 36977 [ 533.055838][T15737] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 533.062730][T15737] Memory cgroup stats for /syz5: [ 533.062928][T15737] anon 291336192 [ 533.062928][T15737] file 98304 [ 533.062928][T15737] kernel_stack 1253376 [ 533.062928][T15737] slab 2994176 [ 533.062928][T15737] sock 0 [ 533.062928][T15737] shmem 0 [ 533.062928][T15737] file_mapped 0 [ 533.062928][T15737] file_dirty 0 [ 533.062928][T15737] file_writeback 0 [ 533.062928][T15737] anon_thp 270532608 [ 533.062928][T15737] inactive_anon 0 [ 533.062928][T15737] active_anon 291336192 [ 533.062928][T15737] inactive_file 0 [ 533.062928][T15737] active_file 0 [ 533.062928][T15737] unevictable 0 [ 533.062928][T15737] slab_reclaimable 405504 [ 533.062928][T15737] slab_unreclaimable 2588672 [ 533.062928][T15737] pgfault 40788 [ 533.062928][T15737] pgmajfault 0 [ 533.062928][T15737] workingset_refault 0 [ 533.062928][T15737] workingset_activate 0 [ 533.062928][T15737] workingset_nodereclaim 0 [ 533.062928][T15737] pgrefill 23377 [ 533.062928][T15737] pgscan 23412 [ 533.062928][T15737] pgsteal 67 [ 533.062928][T15737] pgactivate 23331 [ 533.159383][T15737] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15664,uid=0 [ 533.174918][T15737] Memory cgroup out of memory: Killed process 15664 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 11:57:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x3800) 11:57:10 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0xa1493c1701022a07) socket$inet6_udp(0xa, 0x2, 0x0) pipe(&(0x7f0000000700)={0xffffffffffffffff}) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000240)={0x0, 0xfffffffe, 0x7ff}) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000540)='TIPCv2\x00') r1 = syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = syz_open_dev$dmmidi(&(0x7f00000001c0)='/dev/dmmidi#\x00', 0x6, 0x80002) sendto$netrom(r2, &(0x7f0000000940), 0x0, 0x800, 0x0, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x0, &(0x7f0000000340)={@loopback, @initdev}, &(0x7f0000000900)=0xa) add_key(0x0, &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) request_key(0x0, &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000640)=""/79, &(0x7f0000000080)=0x4f) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x3f, 0x1, 0x0, 0x0, 0x3, 0x1dcc11275f852e7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, @perf_bp={&(0x7f0000000140), 0x8}, 0x20000a01c, 0x2, 0x2, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0xf24e96747c77a447) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, &(0x7f0000000000)) fsetxattr(0xffffffffffffffff, &(0x7f00000000c0)=@known='system.sockprotoname\x00', &(0x7f0000000600)='wlan1#wlan0!(nodevppp0vboxnet1wlan1[posix_acl_accessmd5sum\x00', 0x3b, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 11:57:10 executing program 4: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x1, 0x0, 0x0) select(0x0, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ff, 0x0, 0x0, 0x5f0, 0x2, 0xc847, 0x4}, &(0x7f0000000280)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/udp\x00') preadv(r0, &(0x7f00000017c0), 0x199, 0x0) 11:57:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x3e00) 11:57:10 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, 0x0, 0x0) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x4000) [ 534.113382][T15813] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 534.123758][T15813] CPU: 0 PID: 15813 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 534.131637][T15813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.141698][T15813] Call Trace: [ 534.145004][T15813] dump_stack+0x11d/0x181 [ 534.149426][T15813] dump_header+0xaa/0x449 [ 534.153768][T15813] oom_kill_process.cold+0x10/0x15 [ 534.158891][T15813] out_of_memory+0x231/0xa00 [ 534.163502][T15813] mem_cgroup_out_of_memory+0x128/0x150 [ 534.169093][T15813] try_charge+0xb5c/0xbe0 [ 534.173449][T15813] mem_cgroup_try_charge+0xd2/0x260 [ 534.178662][T15813] mem_cgroup_try_charge_delay+0x3a/0x80 [ 534.184327][T15813] wp_page_copy+0x322/0x1120 [ 534.188952][T15813] ? apic_timer_interrupt+0xa/0x20 [ 534.194169][T15813] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 534.199899][T15813] do_wp_page+0x192/0x11f0 [ 534.204350][T15813] ? __handle_mm_fault+0x222/0x2c70 [ 534.209562][T15813] __handle_mm_fault+0x1ab1/0x2c70 [ 534.214685][T15813] ? delay_tsc+0x8f/0xc0 [ 534.218941][T15813] handle_mm_fault+0x21b/0x530 [ 534.223755][T15813] __do_page_fault+0x456/0x8d0 [ 534.228527][T15813] ? cgroup_rstat_updated+0xbe/0x1e0 [ 534.233827][T15813] do_page_fault+0x38/0x194 [ 534.238347][T15813] page_fault+0x34/0x40 [ 534.242511][T15813] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 534.249114][T15813] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 534.268729][T15813] RSP: 0018:ffffc9000270bbc0 EFLAGS: 00010206 [ 534.274803][T15813] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 534.282779][T15813] RDX: 0000000000001000 RSI: ffff88809efb8b00 RDI: 000000002031b000 [ 534.290812][T15813] RBP: ffffc9000270bbf8 R08: ffff8880a7a1e040 R09: 00008880a7a1eb58 [ 534.298788][T15813] R10: 0000000000000000 R11: 00008880a7a1eb5f R12: 000000002031a500 [ 534.306764][T15813] R13: 000000002031b500 R14: 0000000000000000 R15: 00007ffffffff000 [ 534.314788][T15813] ? copyout+0xa5/0xb0 [ 534.318859][T15813] copy_page_to_iter+0x254/0x8b0 [ 534.323807][T15813] pipe_to_user+0x71/0xc0 [ 534.328287][T15813] __splice_from_pipe+0x248/0x480 [ 534.333321][T15813] ? iter_to_pipe+0x3f0/0x3f0 [ 534.338016][T15813] do_vmsplice.part.0+0x1c5/0x210 [ 534.343040][T15813] __do_sys_vmsplice+0x15f/0x1c0 [ 534.347993][T15813] ? __read_once_size+0x5a/0xe0 [ 534.352932][T15813] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 534.358652][T15813] ? _copy_to_user+0x84/0xb0 [ 534.363322][T15813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 534.369556][T15813] ? put_timespec64+0x94/0xc0 [ 534.374227][T15813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 534.380532][T15813] __x64_sys_vmsplice+0x5e/0x80 [ 534.385379][T15813] do_syscall_64+0xcc/0x370 [ 534.389889][T15813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.395770][T15813] RIP: 0033:0x45a639 [ 534.399757][T15813] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 534.419350][T15813] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 534.427752][T15813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 534.435724][T15813] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 534.443688][T15813] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 534.451648][T15813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 11:57:11 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 534.459612][T15813] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 534.467774][T15813] memory: usage 307200kB, limit 307200kB, failcnt 36994 [ 534.474774][T15813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 534.481663][T15813] Memory cgroup stats for /syz5: [ 534.481831][T15813] anon 299622400 [ 534.481831][T15813] file 98304 [ 534.481831][T15813] kernel_stack 1216512 [ 534.481831][T15813] slab 2994176 [ 534.481831][T15813] sock 0 [ 534.481831][T15813] shmem 0 [ 534.481831][T15813] file_mapped 0 [ 534.481831][T15813] file_dirty 0 [ 534.481831][T15813] file_writeback 0 [ 534.481831][T15813] anon_thp 278921216 [ 534.481831][T15813] inactive_anon 0 [ 534.481831][T15813] active_anon 299622400 [ 534.481831][T15813] inactive_file 0 [ 534.481831][T15813] active_file 0 [ 534.481831][T15813] unevictable 0 [ 534.481831][T15813] slab_reclaimable 405504 [ 534.481831][T15813] slab_unreclaimable 2588672 [ 534.481831][T15813] pgfault 41580 [ 534.481831][T15813] pgmajfault 0 [ 534.481831][T15813] workingset_refault 0 [ 534.481831][T15813] workingset_activate 0 [ 534.481831][T15813] workingset_nodereclaim 0 [ 534.481831][T15813] pgrefill 23377 [ 534.481831][T15813] pgscan 23412 [ 534.481831][T15813] pgsteal 67 [ 534.481831][T15813] pgactivate 23331 [ 534.577957][T15813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15802,uid=0 [ 534.593437][T15813] Memory cgroup out of memory: Killed process 15802 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 534.618020][T15813] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 534.628325][T15813] CPU: 0 PID: 15813 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 534.636214][T15813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.646262][T15813] Call Trace: [ 534.649661][T15813] dump_stack+0x11d/0x181 [ 534.653986][T15813] dump_header+0xaa/0x449 [ 534.658316][T15813] oom_kill_process.cold+0x10/0x15 [ 534.663531][T15813] out_of_memory+0x231/0xa00 [ 534.668184][T15813] mem_cgroup_out_of_memory+0x128/0x150 [ 534.673730][T15813] try_charge+0xb5c/0xbe0 [ 534.678084][T15813] mem_cgroup_try_charge+0xd2/0x260 [ 534.683285][T15813] mem_cgroup_try_charge_delay+0x3a/0x80 [ 534.689276][T15813] wp_page_copy+0x322/0x1120 [ 534.693924][T15813] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 534.700701][T15813] do_wp_page+0x192/0x11f0 [ 534.705117][T15813] ? osq_unlock+0x45/0x120 [ 534.709543][T15813] __handle_mm_fault+0x1ab1/0x2c70 [ 534.714667][T15813] handle_mm_fault+0x21b/0x530 [ 534.723110][T15813] __do_page_fault+0x456/0x8d0 [ 534.727870][T15813] ? cgroup_rstat_updated+0xbe/0x1e0 [ 534.733149][T15813] do_page_fault+0x38/0x194 [ 534.737655][T15813] page_fault+0x34/0x40 [ 534.741803][T15813] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 534.748387][T15813] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 534.768046][T15813] RSP: 0018:ffffc9000270bbc0 EFLAGS: 00010206 [ 534.774103][T15813] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 534.782132][T15813] RDX: 0000000000001000 RSI: ffff88809efb8b00 RDI: 0000000020329000 [ 534.790096][T15813] RBP: ffffc9000270bbf8 R08: ffff8880a7a1e040 R09: 00008880a7a1eb58 [ 534.798156][T15813] R10: 0000000000000001 R11: 00008880a7a1eb5f R12: 0000000020328500 [ 534.806219][T15813] R13: 0000000020329500 R14: 0000000000000000 R15: 00007ffffffff000 [ 534.814236][T15813] ? copyout+0xa5/0xb0 [ 534.818363][T15813] copy_page_to_iter+0x254/0x8b0 [ 534.823316][T15813] pipe_to_user+0x71/0xc0 [ 534.827647][T15813] __splice_from_pipe+0x248/0x480 [ 534.832666][T15813] ? iter_to_pipe+0x3f0/0x3f0 [ 534.837450][T15813] do_vmsplice.part.0+0x1c5/0x210 [ 534.842516][T15813] __do_sys_vmsplice+0x15f/0x1c0 [ 534.847551][T15813] ? __read_once_size+0x5a/0xe0 [ 534.852408][T15813] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 534.858120][T15813] ? _copy_to_user+0x84/0xb0 [ 534.862715][T15813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 534.868945][T15813] ? put_timespec64+0x94/0xc0 [ 534.873653][T15813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 534.879884][T15813] __x64_sys_vmsplice+0x5e/0x80 [ 534.884735][T15813] do_syscall_64+0xcc/0x370 [ 534.889351][T15813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.895239][T15813] RIP: 0033:0x45a639 [ 534.899186][T15813] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 534.919145][T15813] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 534.927644][T15813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 534.935606][T15813] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 534.943565][T15813] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 534.951527][T15813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 534.959487][T15813] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 534.967592][T15813] memory: usage 307200kB, limit 307200kB, failcnt 37026 [ 534.974537][T15813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 534.981392][T15813] Memory cgroup stats for /syz5: [ 534.981633][T15813] anon 299622400 [ 534.981633][T15813] file 98304 [ 534.981633][T15813] kernel_stack 1216512 [ 534.981633][T15813] slab 2994176 [ 534.981633][T15813] sock 0 [ 534.981633][T15813] shmem 0 [ 534.981633][T15813] file_mapped 0 [ 534.981633][T15813] file_dirty 0 [ 534.981633][T15813] file_writeback 0 [ 534.981633][T15813] anon_thp 278921216 [ 534.981633][T15813] inactive_anon 0 [ 534.981633][T15813] active_anon 299622400 [ 534.981633][T15813] inactive_file 0 [ 534.981633][T15813] active_file 0 [ 534.981633][T15813] unevictable 0 [ 534.981633][T15813] slab_reclaimable 405504 [ 534.981633][T15813] slab_unreclaimable 2588672 [ 534.981633][T15813] pgfault 41580 [ 534.981633][T15813] pgmajfault 0 [ 534.981633][T15813] workingset_refault 0 [ 534.981633][T15813] workingset_activate 0 [ 534.981633][T15813] workingset_nodereclaim 0 [ 534.981633][T15813] pgrefill 23377 [ 534.981633][T15813] pgscan 23412 [ 534.981633][T15813] pgsteal 67 [ 534.981633][T15813] pgactivate 23331 [ 535.078062][T15813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15783,uid=0 [ 535.093530][T15813] Memory cgroup out of memory: Killed process 15783 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 535.598598][ T1069] oom_reaper: reaped process 15802 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:57:12 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 535.642522][ T1069] oom_reaper: reaped process 15783 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:57:12 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x4f00) [ 536.128191][ C1] net_ratelimit: 26 callbacks suppressed [ 536.128201][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 536.139702][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 536.145496][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 536.151401][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:13 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:13 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:13 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x6400) [ 536.688214][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 536.694020][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 536.698167][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 536.705482][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 536.711459][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 536.717203][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 536.760368][T15878] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 536.770674][T15878] CPU: 0 PID: 15878 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 536.778561][T15878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.788683][T15878] Call Trace: [ 536.791983][T15878] dump_stack+0x11d/0x181 [ 536.796320][T15878] dump_header+0xaa/0x449 [ 536.800656][T15878] oom_kill_process.cold+0x10/0x15 [ 536.805781][T15878] out_of_memory+0x231/0xa00 [ 536.810392][T15878] mem_cgroup_out_of_memory+0x128/0x150 [ 536.816140][T15878] try_charge+0xb5c/0xbe0 [ 536.820514][T15878] mem_cgroup_try_charge+0xd2/0x260 [ 536.825777][T15878] mem_cgroup_try_charge_delay+0x3a/0x80 [ 536.831420][T15878] wp_page_copy+0x322/0x1120 [ 536.836109][T15878] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 536.841854][T15878] do_wp_page+0x192/0x11f0 [ 536.846357][T15878] ? __udelay+0x10/0x20 [ 536.850556][T15878] __handle_mm_fault+0x1ab1/0x2c70 [ 536.855703][T15878] handle_mm_fault+0x21b/0x530 [ 536.860468][T15878] __do_page_fault+0x456/0x8d0 [ 536.865807][T15878] ? cgroup_rstat_updated+0xbe/0x1e0 [ 536.871108][T15878] do_page_fault+0x38/0x194 [ 536.875630][T15878] page_fault+0x34/0x40 [ 536.879923][T15878] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 536.886541][T15878] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 536.907014][T15878] RSP: 0018:ffffc9000293bbc0 EFLAGS: 00010206 [ 536.913079][T15878] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 536.921040][T15878] RDX: 0000000000001000 RSI: ffff8880a7295b00 RDI: 0000000020b59000 [ 536.929003][T15878] RBP: ffffc9000293bbf8 R08: ffff888120ec4100 R09: 0000888120ec4c18 [ 536.937032][T15878] R10: 0000000000000001 R11: 0000888120ec4c1f R12: 0000000020b58500 [ 536.945777][T15878] R13: 0000000020b59500 R14: 0000000000000000 R15: 00007ffffffff000 [ 536.953753][T15878] ? copyout+0xa5/0xb0 [ 536.957815][T15878] copy_page_to_iter+0x254/0x8b0 [ 536.962773][T15878] pipe_to_user+0x71/0xc0 [ 536.967104][T15878] __splice_from_pipe+0x248/0x480 [ 536.972550][T15878] ? iter_to_pipe+0x3f0/0x3f0 [ 536.977233][T15878] do_vmsplice.part.0+0x1c5/0x210 [ 536.982308][T15878] __do_sys_vmsplice+0x15f/0x1c0 [ 536.987302][T15878] ? __read_once_size+0x5a/0xe0 [ 536.992217][T15878] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 536.997928][T15878] ? _copy_to_user+0x84/0xb0 [ 537.002566][T15878] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 537.008899][T15878] ? put_timespec64+0x94/0xc0 [ 537.013727][T15878] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 537.019987][T15878] __x64_sys_vmsplice+0x5e/0x80 [ 537.024897][T15878] do_syscall_64+0xcc/0x370 [ 537.029406][T15878] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 537.035296][T15878] RIP: 0033:0x45a639 [ 537.039191][T15878] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 537.058796][T15878] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 537.067218][T15878] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 537.075185][T15878] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 537.083209][T15878] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 537.091171][T15878] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 537.099166][T15878] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 537.107341][T15878] memory: usage 307200kB, limit 307200kB, failcnt 39620 [ 537.114315][T15878] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 537.121197][T15878] Memory cgroup stats for /syz5: [ 537.121413][T15878] anon 299773952 [ 537.121413][T15878] file 98304 [ 537.121413][T15878] kernel_stack 1216512 [ 537.121413][T15878] slab 2994176 [ 537.121413][T15878] sock 0 [ 537.121413][T15878] shmem 0 [ 537.121413][T15878] file_mapped 0 [ 537.121413][T15878] file_dirty 0 [ 537.121413][T15878] file_writeback 0 [ 537.121413][T15878] anon_thp 278921216 [ 537.121413][T15878] inactive_anon 0 [ 537.121413][T15878] active_anon 299773952 [ 537.121413][T15878] inactive_file 0 [ 537.121413][T15878] active_file 0 [ 537.121413][T15878] unevictable 0 [ 537.121413][T15878] slab_reclaimable 405504 [ 537.121413][T15878] slab_unreclaimable 2588672 [ 537.121413][T15878] pgfault 42306 [ 537.121413][T15878] pgmajfault 0 [ 537.121413][T15878] workingset_refault 0 [ 537.121413][T15878] workingset_activate 0 [ 537.121413][T15878] workingset_nodereclaim 0 [ 537.121413][T15878] pgrefill 23377 [ 537.121413][T15878] pgscan 23412 11:57:14 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 537.121413][T15878] pgsteal 67 [ 537.121413][T15878] pgactivate 23331 [ 537.218344][T15878] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15867,uid=0 [ 537.233909][T15878] Memory cgroup out of memory: Killed process 15867 (syz-executor.5) total-vm:72980kB, anon-rss:11652kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 537.256119][ T1069] oom_reaper: reaped process 15867 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 11:57:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:14 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x6500) 11:57:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:14 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 537.682443][T15911] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 537.692745][T15911] CPU: 1 PID: 15911 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 537.700641][T15911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.710710][T15911] Call Trace: [ 537.714018][T15911] dump_stack+0x11d/0x181 [ 537.718362][T15911] dump_header+0xaa/0x449 [ 537.722704][T15911] oom_kill_process.cold+0x10/0x15 [ 537.727837][T15911] out_of_memory+0x231/0xa00 [ 537.732438][T15911] mem_cgroup_out_of_memory+0x128/0x150 [ 537.738001][T15911] try_charge+0xb5c/0xbe0 [ 537.742399][T15911] mem_cgroup_try_charge+0xd2/0x260 [ 537.747661][T15911] mem_cgroup_try_charge_delay+0x3a/0x80 [ 537.753301][T15911] wp_page_copy+0x322/0x1120 [ 537.757900][T15911] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 537.763662][T15911] do_wp_page+0x192/0x11f0 [ 537.768125][T15911] ? __udelay+0x10/0x20 [ 537.772284][T15911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 537.778534][T15911] ? debug_smp_processor_id+0x4c/0x172 [ 537.784149][T15911] __handle_mm_fault+0x1ab1/0x2c70 [ 537.789334][T15911] handle_mm_fault+0x21b/0x530 [ 537.794150][T15911] __do_page_fault+0x456/0x8d0 [ 537.798927][T15911] ? cgroup_rstat_updated+0xbe/0x1e0 [ 537.804209][T15911] do_page_fault+0x38/0x194 [ 537.808709][T15911] page_fault+0x34/0x40 [ 537.812864][T15911] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 537.819450][T15911] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 537.839113][T15911] RSP: 0018:ffffc90002a6fbc0 EFLAGS: 00010206 [ 537.845214][T15911] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 537.853177][T15911] RDX: 0000000000001000 RSI: ffff8880b0c9db00 RDI: 0000000020b5a000 [ 537.861143][T15911] RBP: ffffc90002a6fbf8 R08: ffff88809cf06100 R09: 000088809cf06c18 [ 537.869107][T15911] R10: 0000000000000001 R11: 000088809cf06c1f R12: 0000000020b59500 [ 537.877166][T15911] R13: 0000000020b5a500 R14: 0000000000000000 R15: 00007ffffffff000 [ 537.885171][T15911] ? copyout+0xa5/0xb0 [ 537.889239][T15911] copy_page_to_iter+0x254/0x8b0 [ 537.894243][T15911] pipe_to_user+0x71/0xc0 [ 537.898568][T15911] __splice_from_pipe+0x248/0x480 [ 537.903582][T15911] ? iter_to_pipe+0x3f0/0x3f0 [ 537.908257][T15911] do_vmsplice.part.0+0x1c5/0x210 [ 537.913280][T15911] __do_sys_vmsplice+0x15f/0x1c0 [ 537.918231][T15911] ? __read_once_size+0x5a/0xe0 [ 537.923085][T15911] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 537.928892][T15911] ? _copy_to_user+0x84/0xb0 [ 537.933493][T15911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 537.939794][T15911] ? put_timespec64+0x94/0xc0 [ 537.944470][T15911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 537.950708][T15911] __x64_sys_vmsplice+0x5e/0x80 [ 537.955566][T15911] do_syscall_64+0xcc/0x370 [ 537.960065][T15911] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 537.965944][T15911] RIP: 0033:0x45a639 [ 537.969848][T15911] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 537.989442][T15911] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 537.997882][T15911] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 538.005863][T15911] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 538.013826][T15911] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 538.021798][T15911] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 538.029772][T15911] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 538.038871][T15911] memory: usage 307200kB, limit 307200kB, failcnt 39633 [ 538.045822][T15911] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 538.052759][T15911] Memory cgroup stats for /syz5: [ 538.052945][T15911] anon 299843584 [ 538.052945][T15911] file 98304 [ 538.052945][T15911] kernel_stack 1216512 [ 538.052945][T15911] slab 2994176 [ 538.052945][T15911] sock 0 [ 538.052945][T15911] shmem 0 [ 538.052945][T15911] file_mapped 0 [ 538.052945][T15911] file_dirty 0 [ 538.052945][T15911] file_writeback 0 [ 538.052945][T15911] anon_thp 278921216 [ 538.052945][T15911] inactive_anon 0 [ 538.052945][T15911] active_anon 299909120 [ 538.052945][T15911] inactive_file 0 [ 538.052945][T15911] active_file 0 [ 538.052945][T15911] unevictable 0 [ 538.052945][T15911] slab_reclaimable 405504 [ 538.052945][T15911] slab_unreclaimable 2588672 [ 538.052945][T15911] pgfault 42735 [ 538.052945][T15911] pgmajfault 0 [ 538.052945][T15911] workingset_refault 0 [ 538.052945][T15911] workingset_activate 0 [ 538.052945][T15911] workingset_nodereclaim 0 [ 538.052945][T15911] pgrefill 23377 [ 538.052945][T15911] pgscan 23412 [ 538.052945][T15911] pgsteal 67 [ 538.052945][T15911] pgactivate 23331 [ 538.149045][T15911] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15894,uid=0 [ 538.164573][T15911] Memory cgroup out of memory: Killed process 15894 (syz-executor.5) total-vm:72980kB, anon-rss:11652kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 11:57:15 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 538.211394][ T1069] oom_reaper: reaped process 15894 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 11:57:15 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:15 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, 0x0) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:15 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x6600) 11:57:15 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x0, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 538.715741][T15946] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 538.726222][T15946] CPU: 1 PID: 15946 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 538.734132][T15946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.744204][T15946] Call Trace: [ 538.747587][T15946] dump_stack+0x11d/0x181 [ 538.751931][T15946] dump_header+0xaa/0x449 [ 538.756273][T15946] oom_kill_process.cold+0x10/0x15 [ 538.761392][T15946] out_of_memory+0x231/0xa00 [ 538.765995][T15946] mem_cgroup_out_of_memory+0x128/0x150 [ 538.771585][T15946] try_charge+0xb5c/0xbe0 [ 538.775964][T15946] mem_cgroup_try_charge+0xd2/0x260 [ 538.781217][T15946] mem_cgroup_try_charge_delay+0x3a/0x80 [ 538.786909][T15946] wp_page_copy+0x322/0x1120 [ 538.791539][T15946] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 538.797394][T15946] do_wp_page+0x192/0x11f0 [ 538.801827][T15946] ? __udelay+0x10/0x20 [ 538.805984][T15946] __handle_mm_fault+0x1ab1/0x2c70 [ 538.811103][T15946] handle_mm_fault+0x21b/0x530 [ 538.815870][T15946] __do_page_fault+0x456/0x8d0 [ 538.820704][T15946] ? cgroup_rstat_updated+0xbe/0x1e0 [ 538.826052][T15946] do_page_fault+0x38/0x194 [ 538.830563][T15946] page_fault+0x34/0x40 [ 538.834783][T15946] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 538.841377][T15946] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 538.861952][T15946] RSP: 0000:ffffc90002d5fbc0 EFLAGS: 00010206 [ 538.868017][T15946] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 538.875986][T15946] RDX: 0000000000001000 RSI: ffff88809cca0b00 RDI: 0000000020b5a000 [ 538.883958][T15946] RBP: ffffc90002d5fbf8 R08: ffff888120ec4100 R09: 0000888120ec4c18 [ 538.891920][T15946] R10: 0000000000000001 R11: 0000888120ec4c1f R12: 0000000020b59500 [ 538.899939][T15946] R13: 0000000020b5a500 R14: 0000000000000000 R15: 00007ffffffff000 [ 538.907917][T15946] ? copyout+0xa5/0xb0 [ 538.911982][T15946] copy_page_to_iter+0x254/0x8b0 [ 538.916984][T15946] pipe_to_user+0x71/0xc0 [ 538.921328][T15946] __splice_from_pipe+0x248/0x480 [ 538.926352][T15946] ? iter_to_pipe+0x3f0/0x3f0 [ 538.931025][T15946] do_vmsplice.part.0+0x1c5/0x210 [ 538.936134][T15946] __do_sys_vmsplice+0x15f/0x1c0 [ 538.941120][T15946] ? __read_once_size+0x5a/0xe0 [ 538.945964][T15946] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 538.951739][T15946] ? _copy_to_user+0x84/0xb0 [ 538.956327][T15946] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 538.962622][T15946] ? put_timespec64+0x94/0xc0 [ 538.967291][T15946] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 538.973575][T15946] __x64_sys_vmsplice+0x5e/0x80 [ 538.978445][T15946] do_syscall_64+0xcc/0x370 [ 538.982947][T15946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.988828][T15946] RIP: 0033:0x45a639 [ 538.992720][T15946] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 539.012337][T15946] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 539.020774][T15946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 539.028748][T15946] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 539.036753][T15946] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 539.044760][T15946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 539.052853][T15946] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 539.061864][T15946] memory: usage 307200kB, limit 307200kB, failcnt 39672 [ 539.068923][T15946] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 539.075790][T15946] Memory cgroup stats for /syz5: [ 539.076011][T15946] anon 299864064 [ 539.076011][T15946] file 98304 [ 539.076011][T15946] kernel_stack 1253376 [ 539.076011][T15946] slab 2994176 [ 539.076011][T15946] sock 0 [ 539.076011][T15946] shmem 0 [ 539.076011][T15946] file_mapped 0 [ 539.076011][T15946] file_dirty 0 [ 539.076011][T15946] file_writeback 0 [ 539.076011][T15946] anon_thp 278921216 [ 539.076011][T15946] inactive_anon 0 [ 539.076011][T15946] active_anon 299864064 [ 539.076011][T15946] inactive_file 0 [ 539.076011][T15946] active_file 0 [ 539.076011][T15946] unevictable 0 [ 539.076011][T15946] slab_reclaimable 405504 [ 539.076011][T15946] slab_unreclaimable 2588672 [ 539.076011][T15946] pgfault 43131 [ 539.076011][T15946] pgmajfault 0 [ 539.076011][T15946] workingset_refault 0 [ 539.076011][T15946] workingset_activate 0 [ 539.076011][T15946] workingset_nodereclaim 0 [ 539.076011][T15946] pgrefill 23377 [ 539.076011][T15946] pgscan 23412 [ 539.076011][T15946] pgsteal 67 [ 539.076011][T15946] pgactivate 23331 [ 539.172544][T15946] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15933,uid=0 [ 539.188978][T15946] Memory cgroup out of memory: Killed process 15933 (syz-executor.5) total-vm:72980kB, anon-rss:11652kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 539.211529][ T1069] oom_reaper: reaped process 15933 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:57:16 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:16 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, 0x0) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x6700) 11:57:16 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x780f) 11:57:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, 0x0) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:16 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x0, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 540.433273][T16023] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 540.443530][T16023] CPU: 0 PID: 16023 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 540.451417][T16023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.461825][T16023] Call Trace: [ 540.465179][T16023] dump_stack+0x11d/0x181 [ 540.469701][T16023] dump_header+0xaa/0x449 [ 540.474052][T16023] oom_kill_process.cold+0x10/0x15 [ 540.479160][T16023] out_of_memory+0x231/0xa00 [ 540.483770][T16023] mem_cgroup_out_of_memory+0x128/0x150 [ 540.489343][T16023] try_charge+0xb5c/0xbe0 [ 540.493681][T16023] mem_cgroup_try_charge+0xd2/0x260 [ 540.498891][T16023] mem_cgroup_try_charge_delay+0x3a/0x80 [ 540.504602][T16023] wp_page_copy+0x322/0x1120 [ 540.509214][T16023] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 540.514940][T16023] do_wp_page+0x192/0x11f0 [ 540.519529][T16023] ? __udelay+0x10/0x20 [ 540.523752][T16023] __handle_mm_fault+0x1ab1/0x2c70 [ 540.528882][T16023] handle_mm_fault+0x21b/0x530 [ 540.533644][T16023] __do_page_fault+0x456/0x8d0 [ 540.538407][T16023] do_page_fault+0x38/0x194 [ 540.542901][T16023] page_fault+0x34/0x40 [ 540.547109][T16023] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 540.553701][T16023] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 540.573305][T16023] RSP: 0018:ffffc90002fbfbc0 EFLAGS: 00010206 [ 540.579368][T16023] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 540.587336][T16023] RDX: 0000000000001000 RSI: ffff8880a7a76b00 RDI: 0000000020b59000 [ 540.595308][T16023] RBP: ffffc90002fbfbf8 R08: ffff888120ec4100 R09: 0000888120ec4c18 [ 540.603280][T16023] R10: 0000000000000001 R11: 0000888120ec4c1f R12: 0000000020b58500 [ 540.611327][T16023] R13: 0000000020b59500 R14: 0000000000000000 R15: 00007ffffffff000 [ 540.619310][T16023] ? copyout+0xa5/0xb0 [ 540.623374][T16023] copy_page_to_iter+0x254/0x8b0 [ 540.628334][T16023] pipe_to_user+0x71/0xc0 [ 540.632659][T16023] __splice_from_pipe+0x248/0x480 [ 540.637721][T16023] ? iter_to_pipe+0x3f0/0x3f0 [ 540.643483][T16023] do_vmsplice.part.0+0x1c5/0x210 [ 540.648546][T16023] __do_sys_vmsplice+0x15f/0x1c0 [ 540.653500][T16023] ? __read_once_size+0x5a/0xe0 [ 540.658343][T16023] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 540.664115][T16023] ? _copy_to_user+0x84/0xb0 [ 540.668742][T16023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 540.675085][T16023] ? put_timespec64+0x94/0xc0 [ 540.679768][T16023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 540.686074][T16023] __x64_sys_vmsplice+0x5e/0x80 [ 540.691003][T16023] do_syscall_64+0xcc/0x370 [ 540.695511][T16023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.701391][T16023] RIP: 0033:0x45a639 [ 540.705362][T16023] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 540.724972][T16023] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 540.733390][T16023] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 540.741439][T16023] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 540.749413][T16023] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 540.757401][T16023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 540.765663][T16023] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 540.774684][T16023] memory: usage 307200kB, limit 307200kB, failcnt 39693 11:57:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7c0f) [ 540.781669][T16023] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 540.788554][T16023] Memory cgroup stats for /syz5: [ 540.788806][T16023] anon 299864064 [ 540.788806][T16023] file 98304 [ 540.788806][T16023] kernel_stack 1216512 [ 540.788806][T16023] slab 2994176 [ 540.788806][T16023] sock 0 [ 540.788806][T16023] shmem 0 [ 540.788806][T16023] file_mapped 0 [ 540.788806][T16023] file_dirty 0 [ 540.788806][T16023] file_writeback 0 [ 540.788806][T16023] anon_thp 278921216 [ 540.788806][T16023] inactive_anon 0 [ 540.788806][T16023] active_anon 299864064 11:57:17 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 540.788806][T16023] inactive_file 0 [ 540.788806][T16023] active_file 0 [ 540.788806][T16023] unevictable 0 [ 540.788806][T16023] slab_reclaimable 405504 [ 540.788806][T16023] slab_unreclaimable 2588672 [ 540.788806][T16023] pgfault 43956 [ 540.788806][T16023] pgmajfault 0 [ 540.788806][T16023] workingset_refault 0 [ 540.788806][T16023] workingset_activate 0 [ 540.788806][T16023] workingset_nodereclaim 0 [ 540.788806][T16023] pgrefill 23377 [ 540.788806][T16023] pgscan 23445 [ 540.788806][T16023] pgsteal 67 [ 540.788806][T16023] pgactivate 23331 [ 540.885199][T16023] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16010,uid=0 [ 540.900736][T16023] Memory cgroup out of memory: Killed process 16010 (syz-executor.5) total-vm:72980kB, anon-rss:11652kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 540.922125][ T1069] oom_reaper: reaped process 16010 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 11:57:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x0, 0x0}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:17 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x0, 0x0}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:18 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x0, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 541.512516][T16066] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 541.522787][T16066] CPU: 0 PID: 16066 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 541.530707][T16066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.540769][T16066] Call Trace: [ 541.544068][T16066] dump_stack+0x11d/0x181 [ 541.548418][T16066] dump_header+0xaa/0x449 [ 541.552811][T16066] oom_kill_process.cold+0x10/0x15 [ 541.557930][T16066] out_of_memory+0x231/0xa00 [ 541.562538][T16066] mem_cgroup_out_of_memory+0x128/0x150 [ 541.568121][T16066] try_charge+0xb5c/0xbe0 [ 541.572481][T16066] mem_cgroup_try_charge+0xd2/0x260 [ 541.577705][T16066] mem_cgroup_try_charge_delay+0x3a/0x80 [ 541.583417][T16066] wp_page_copy+0x322/0x1120 [ 541.588026][T16066] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 541.593759][T16066] do_wp_page+0x192/0x11f0 [ 541.598250][T16066] ? __udelay+0x10/0x20 [ 541.602420][T16066] __handle_mm_fault+0x1ab1/0x2c70 [ 541.607558][T16066] handle_mm_fault+0x21b/0x530 [ 541.612328][T16066] __do_page_fault+0x456/0x8d0 [ 541.617089][T16066] ? cgroup_rstat_updated+0xbe/0x1e0 [ 541.622373][T16066] do_page_fault+0x38/0x194 [ 541.626879][T16066] page_fault+0x34/0x40 [ 541.631039][T16066] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 541.637729][T16066] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 541.657359][T16066] RSP: 0018:ffffc90002e83bc0 EFLAGS: 00010206 [ 541.663444][T16066] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 541.671415][T16066] RDX: 0000000000001000 RSI: ffff88811f92bb00 RDI: 0000000020111000 [ 541.679453][T16066] RBP: ffffc90002e83bf8 R08: ffff8880a665c000 R09: 00008880a665cb18 [ 541.687474][T16066] R10: 0000000000000000 R11: 00008880a665cb1f R12: 0000000020110500 [ 541.695459][T16066] R13: 0000000020111500 R14: 0000000000000000 R15: 00007ffffffff000 [ 541.703455][T16066] ? copyout+0xa5/0xb0 [ 541.708328][T16066] copy_page_to_iter+0x254/0x8b0 [ 541.713292][T16066] pipe_to_user+0x71/0xc0 [ 541.717673][T16066] __splice_from_pipe+0x248/0x480 [ 541.722758][T16066] ? iter_to_pipe+0x3f0/0x3f0 [ 541.727538][T16066] do_vmsplice.part.0+0x1c5/0x210 [ 541.732622][T16066] __do_sys_vmsplice+0x15f/0x1c0 [ 541.737572][T16066] ? __read_once_size+0x5a/0xe0 [ 541.742432][T16066] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 541.748257][T16066] ? _copy_to_user+0x84/0xb0 [ 541.753037][T16066] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 541.759943][T16066] ? put_timespec64+0x94/0xc0 [ 541.764633][T16066] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 541.770888][T16066] __x64_sys_vmsplice+0x5e/0x80 [ 541.775766][T16066] do_syscall_64+0xcc/0x370 [ 541.780292][T16066] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 541.786185][T16066] RIP: 0033:0x45a639 [ 541.790131][T16066] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 541.809885][T16066] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 541.818622][T16066] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 541.826681][T16066] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 541.834787][T16066] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 541.842839][T16066] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 541.850829][T16066] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 541.859023][T16066] memory: usage 307200kB, limit 307200kB, failcnt 39762 [ 541.866029][T16066] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 541.872946][T16066] Memory cgroup stats for /syz5: [ 541.873104][T16066] anon 299737088 [ 541.873104][T16066] file 98304 [ 541.873104][T16066] kernel_stack 1253376 [ 541.873104][T16066] slab 2994176 [ 541.873104][T16066] sock 0 [ 541.873104][T16066] shmem 0 [ 541.873104][T16066] file_mapped 0 [ 541.873104][T16066] file_dirty 0 [ 541.873104][T16066] file_writeback 0 [ 541.873104][T16066] anon_thp 278921216 [ 541.873104][T16066] inactive_anon 0 [ 541.873104][T16066] active_anon 299667456 [ 541.873104][T16066] inactive_file 0 [ 541.873104][T16066] active_file 0 [ 541.873104][T16066] unevictable 0 [ 541.873104][T16066] slab_reclaimable 405504 [ 541.873104][T16066] slab_unreclaimable 2588672 [ 541.873104][T16066] pgfault 44682 [ 541.873104][T16066] pgmajfault 0 [ 541.873104][T16066] workingset_refault 0 [ 541.873104][T16066] workingset_activate 0 [ 541.873104][T16066] workingset_nodereclaim 0 [ 541.873104][T16066] pgrefill 23410 [ 541.873104][T16066] pgscan 23478 [ 541.873104][T16066] pgsteal 67 [ 541.873104][T16066] pgactivate 23331 [ 541.969960][T16066] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16056,uid=0 [ 541.985691][T16066] Memory cgroup out of memory: Killed process 16056 (syz-executor.5) total-vm:72980kB, anon-rss:10420kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 11:57:18 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008", 0x17}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:18 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(0x0, 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7ce1) 11:57:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x0, 0x0}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 542.378147][ C1] net_ratelimit: 26 callbacks suppressed [ 542.378158][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 542.389663][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 542.395437][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 542.401195][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x0, 0x0}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7ce3) 11:57:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 542.928147][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 542.933947][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 542.955233][T16126] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 542.965543][T16126] CPU: 1 PID: 16126 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 542.973441][T16126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 542.983494][T16126] Call Trace: [ 542.986794][T16126] dump_stack+0x11d/0x181 [ 542.991187][T16126] dump_header+0xaa/0x449 [ 542.995522][T16126] oom_kill_process.cold+0x10/0x15 [ 543.000662][T16126] out_of_memory+0x231/0xa00 [ 543.005269][T16126] mem_cgroup_out_of_memory+0x128/0x150 [ 543.010876][T16126] try_charge+0xb5c/0xbe0 [ 543.015210][T16126] mem_cgroup_try_charge+0xd2/0x260 [ 543.020410][T16126] mem_cgroup_try_charge_delay+0x3a/0x80 [ 543.026038][T16126] wp_page_copy+0x322/0x1120 [ 543.030712][T16126] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 543.036694][T16126] do_wp_page+0x192/0x11f0 [ 543.041104][T16126] ? __udelay+0x10/0x20 [ 543.045271][T16126] __handle_mm_fault+0x1ab1/0x2c70 [ 543.050530][T16126] handle_mm_fault+0x21b/0x530 [ 543.055291][T16126] __do_page_fault+0x456/0x8d0 [ 543.060048][T16126] ? cgroup_rstat_updated+0xbe/0x1e0 [ 543.065329][T16126] do_page_fault+0x38/0x194 [ 543.069832][T16126] page_fault+0x34/0x40 [ 543.074148][T16126] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 543.080737][T16126] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 543.100397][T16126] RSP: 0018:ffffc900038efbc0 EFLAGS: 00010206 [ 543.106453][T16126] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 543.114509][T16126] RDX: 0000000000001000 RSI: ffff88809b088b00 RDI: 00000000204ef000 [ 543.122535][T16126] RBP: ffffc900038efbf8 R08: ffff888120de6100 R09: 0000888120de6c18 [ 543.130498][T16126] R10: 0000000000000001 R11: 0000888120de6c1f R12: 00000000204ee500 [ 543.138533][T16126] R13: 00000000204ef500 R14: 0000000000000000 R15: 00007ffffffff000 [ 543.146637][T16126] ? copyout+0xa5/0xb0 [ 543.150731][T16126] copy_page_to_iter+0x254/0x8b0 [ 543.155742][T16126] pipe_to_user+0x71/0xc0 [ 543.160184][T16126] __splice_from_pipe+0x248/0x480 [ 543.165202][T16126] ? iter_to_pipe+0x3f0/0x3f0 [ 543.169877][T16126] do_vmsplice.part.0+0x1c5/0x210 [ 543.174900][T16126] __do_sys_vmsplice+0x15f/0x1c0 [ 543.179989][T16126] ? __read_once_size+0x5a/0xe0 [ 543.184843][T16126] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 543.190554][T16126] ? _copy_to_user+0x84/0xb0 [ 543.195183][T16126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 543.201525][T16126] ? put_timespec64+0x94/0xc0 [ 543.206629][T16126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 543.212862][T16126] __x64_sys_vmsplice+0x5e/0x80 [ 543.217713][T16126] do_syscall_64+0xcc/0x370 [ 543.222212][T16126] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.228103][T16126] RIP: 0033:0x45a639 [ 543.231994][T16126] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 543.251764][T16126] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 543.260166][T16126] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 543.268136][T16126] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 543.276096][T16126] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 543.284116][T16126] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 543.292078][T16126] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 543.300157][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 543.305933][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 543.311759][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 543.317516][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 543.323375][T16126] memory: usage 307116kB, limit 307200kB, failcnt 39784 [ 543.330432][T16126] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 543.337400][T16126] Memory cgroup stats for /syz5: [ 543.337677][T16126] anon 299528192 [ 543.337677][T16126] file 98304 [ 543.337677][T16126] kernel_stack 1216512 [ 543.337677][T16126] slab 2994176 [ 543.337677][T16126] sock 0 [ 543.337677][T16126] shmem 0 [ 543.337677][T16126] file_mapped 0 [ 543.337677][T16126] file_dirty 0 [ 543.337677][T16126] file_writeback 0 [ 543.337677][T16126] anon_thp 278921216 [ 543.337677][T16126] inactive_anon 0 [ 543.337677][T16126] active_anon 299528192 [ 543.337677][T16126] inactive_file 0 [ 543.337677][T16126] active_file 0 [ 543.337677][T16126] unevictable 0 [ 543.337677][T16126] slab_reclaimable 405504 [ 543.337677][T16126] slab_unreclaimable 2588672 [ 543.337677][T16126] pgfault 45573 [ 543.337677][T16126] pgmajfault 0 [ 543.337677][T16126] workingset_refault 0 [ 543.337677][T16126] workingset_activate 0 [ 543.337677][T16126] workingset_nodereclaim 0 [ 543.337677][T16126] pgrefill 23443 [ 543.337677][T16126] pgscan 23478 [ 543.337677][T16126] pgsteal 67 11:57:20 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x0, 0x0}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 543.337677][T16126] pgactivate 23364 [ 543.433731][T16126] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15861,uid=0 [ 543.449230][T16126] Memory cgroup out of memory: Killed process 15861 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 543.471733][T16126] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 543.481920][T16126] CPU: 1 PID: 16126 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 543.489872][T16126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.499915][T16126] Call Trace: [ 543.503205][T16126] dump_stack+0x11d/0x181 [ 543.507530][T16126] dump_header+0xaa/0x449 [ 543.511855][T16126] oom_kill_process.cold+0x10/0x15 [ 543.526454][T16126] out_of_memory+0x231/0xa00 [ 543.531047][T16126] mem_cgroup_out_of_memory+0x128/0x150 [ 543.536679][T16126] try_charge+0xb5c/0xbe0 [ 543.541546][T16126] mem_cgroup_try_charge+0xd2/0x260 [ 543.546747][T16126] mem_cgroup_try_charge_delay+0x3a/0x80 [ 543.552373][T16126] wp_page_copy+0x322/0x1120 [ 543.556978][T16126] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 543.562732][T16126] do_wp_page+0x192/0x11f0 [ 543.567155][T16126] ? osq_unlock+0x45/0x120 [ 543.571589][T16126] __handle_mm_fault+0x1ab1/0x2c70 11:57:20 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008", 0x17}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:20 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(0x0, 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 543.576724][T16126] handle_mm_fault+0x21b/0x530 [ 543.581504][T16126] __do_page_fault+0x456/0x8d0 [ 543.586276][T16126] do_page_fault+0x38/0x194 [ 543.590886][T16126] page_fault+0x34/0x40 [ 543.595126][T16126] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 543.601792][T16126] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 543.621604][T16126] RSP: 0018:ffffc900038efbc0 EFLAGS: 00010206 [ 543.627677][T16126] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 543.635641][T16126] RDX: 0000000000001000 RSI: ffff88809b088b00 RDI: 0000000020502000 [ 543.643605][T16126] RBP: ffffc900038efbf8 R08: ffff888120de6100 R09: 0000888120de6c18 [ 543.651580][T16126] R10: 0000000000000001 R11: 0000888120de6c1f R12: 0000000020501500 [ 543.659564][T16126] R13: 0000000020502500 R14: 0000000000000000 R15: 00007ffffffff000 [ 543.667548][T16126] ? copyout+0xa5/0xb0 [ 543.671613][T16126] copy_page_to_iter+0x254/0x8b0 [ 543.676606][T16126] pipe_to_user+0x71/0xc0 [ 543.680942][T16126] __splice_from_pipe+0x248/0x480 [ 543.686041][T16126] ? iter_to_pipe+0x3f0/0x3f0 [ 543.690786][T16126] do_vmsplice.part.0+0x1c5/0x210 [ 543.695817][T16126] __do_sys_vmsplice+0x15f/0x1c0 [ 543.700784][T16126] ? __read_once_size+0x5a/0xe0 [ 543.705626][T16126] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 543.715694][T16126] ? _copy_to_user+0x84/0xb0 [ 543.720289][T16126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 543.726559][T16126] ? put_timespec64+0x94/0xc0 [ 543.731230][T16126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 543.737646][T16126] __x64_sys_vmsplice+0x5e/0x80 [ 543.742495][T16126] do_syscall_64+0xcc/0x370 [ 543.747024][T16126] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.752903][T16126] RIP: 0033:0x45a639 [ 543.756793][T16126] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 543.776395][T16126] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 543.784815][T16126] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 543.792774][T16126] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 543.800732][T16126] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 543.808916][T16126] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 543.816877][T16126] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 543.825008][T16126] memory: usage 298704kB, limit 307200kB, failcnt 39820 [ 543.832052][T16126] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 543.838915][T16126] Memory cgroup stats for /syz5: [ 543.839155][T16126] anon 291205120 [ 543.839155][T16126] file 98304 [ 543.839155][T16126] kernel_stack 1216512 [ 543.839155][T16126] slab 2994176 [ 543.839155][T16126] sock 0 [ 543.839155][T16126] shmem 0 [ 543.839155][T16126] file_mapped 0 [ 543.839155][T16126] file_dirty 0 [ 543.839155][T16126] file_writeback 0 [ 543.839155][T16126] anon_thp 270532608 [ 543.839155][T16126] inactive_anon 0 [ 543.839155][T16126] active_anon 291205120 [ 543.839155][T16126] inactive_file 0 [ 543.839155][T16126] active_file 0 [ 543.839155][T16126] unevictable 0 [ 543.839155][T16126] slab_reclaimable 405504 [ 543.839155][T16126] slab_unreclaimable 2588672 [ 543.839155][T16126] pgfault 45573 [ 543.839155][T16126] pgmajfault 0 [ 543.839155][T16126] workingset_refault 0 [ 543.839155][T16126] workingset_activate 0 [ 543.839155][T16126] workingset_nodereclaim 0 [ 543.839155][T16126] pgrefill 23443 [ 543.839155][T16126] pgscan 23478 [ 543.839155][T16126] pgsteal 67 [ 543.839155][T16126] pgactivate 23397 [ 543.936824][T16126] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10326,uid=0 [ 543.952294][T16126] Memory cgroup out of memory: Killed process 10326 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 543.970827][T16116] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 543.981060][T16116] CPU: 0 PID: 16116 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 543.989029][T16116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.999321][T16116] Call Trace: [ 544.002608][T16116] dump_stack+0x11d/0x181 [ 544.006933][T16116] dump_header+0xaa/0x449 [ 544.011260][T16116] oom_kill_process.cold+0x10/0x15 [ 544.016363][T16116] out_of_memory+0x231/0xa00 [ 544.020954][T16116] mem_cgroup_out_of_memory+0x128/0x150 [ 544.026534][T16116] try_charge+0x7f5/0xbe0 [ 544.030856][T16116] ? __rcu_read_unlock+0x50/0x3c0 [ 544.035869][T16116] ? should_fail+0xd4/0x45d [ 544.040434][T16116] ? __rcu_read_unlock+0x66/0x3c0 [ 544.045558][T16116] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 544.051006][T16116] ? get_mem_cgroup_from_mm+0xb6/0x1c0 [ 544.056468][T16116] __memcg_kmem_charge+0xde/0x240 [ 544.061503][T16116] copy_process+0x11d2/0x3b50 [ 544.066171][T16116] ? record_times+0x16/0x90 [ 544.070747][T16116] ? psi_task_change+0x1ad/0x2d0 [ 544.075688][T16116] _do_fork+0xfe/0x6e0 [ 544.079762][T16116] ? preempt_count_add+0x48/0xb0 [ 544.084691][T16116] ? blkcg_maybe_throttle_current+0x472/0x610 [ 544.090743][T16116] ? percpu_ref_put_many+0x78/0xc0 [ 544.095847][T16116] __x64_sys_clone+0x12b/0x160 [ 544.100607][T16116] do_syscall_64+0xcc/0x370 [ 544.105140][T16116] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 544.111028][T16116] RIP: 0033:0x45d009 [ 544.114985][T16116] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 544.134600][T16116] RSP: 002b:00007ffd5a083408 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 544.143008][T16116] RAX: ffffffffffffffda RBX: 00007fae92906700 RCX: 000000000045d009 [ 544.150969][T16116] RDX: 00007fae929069d0 RSI: 00007fae92905db0 RDI: 00000000003d0f00 [ 544.158931][T16116] RBP: 00007ffd5a083620 R08: 00007fae92906700 R09: 00007fae92906700 [ 544.166986][T16116] R10: 00007fae929069d0 R11: 0000000000000202 R12: 0000000000000000 [ 544.175043][T16116] R13: 00007ffd5a0834bf R14: 00007fae929069c0 R15: 000000000075c1cc [ 544.183474][T16116] memory: usage 298836kB, limit 307200kB, failcnt 39820 [ 544.190633][T16116] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 544.198393][T16116] Memory cgroup stats for /syz5: [ 544.198611][T16116] anon 291205120 [ 544.198611][T16116] file 98304 [ 544.198611][T16116] kernel_stack 1216512 [ 544.198611][T16116] slab 2994176 [ 544.198611][T16116] sock 0 [ 544.198611][T16116] shmem 0 [ 544.198611][T16116] file_mapped 0 [ 544.198611][T16116] file_dirty 0 [ 544.198611][T16116] file_writeback 0 [ 544.198611][T16116] anon_thp 270532608 [ 544.198611][T16116] inactive_anon 0 [ 544.198611][T16116] active_anon 291205120 [ 544.198611][T16116] inactive_file 0 [ 544.198611][T16116] active_file 0 [ 544.198611][T16116] unevictable 0 [ 544.198611][T16116] slab_reclaimable 405504 [ 544.198611][T16116] slab_unreclaimable 2588672 [ 544.198611][T16116] pgfault 45606 [ 544.198611][T16116] pgmajfault 0 [ 544.198611][T16116] workingset_refault 0 [ 544.198611][T16116] workingset_activate 0 [ 544.198611][T16116] workingset_nodereclaim 0 [ 544.198611][T16116] pgrefill 23443 [ 544.198611][T16116] pgscan 23478 [ 544.198611][T16116] pgsteal 67 [ 544.198611][T16116] pgactivate 23397 [ 544.294798][T16116] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10234,uid=0 [ 544.310357][T16116] Memory cgroup out of memory: Killed process 10234 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 11:57:20 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(0x0, 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7ce5) 11:57:21 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x0, 0x0}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:21 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x0, 0x0}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7ce7) 11:57:22 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008", 0x17}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:22 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(0x0, 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(0x0, 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7ce9) 11:57:23 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7ceb) 11:57:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:23 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:23 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200", 0x23}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(0x0, 0x1, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7ced) 11:57:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:24 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cef) 11:57:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 547.408135][ C1] net_ratelimit: 20 callbacks suppressed [ 547.408151][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 547.419611][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 547.425384][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 547.431136][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 547.436900][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 547.442649][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cf1) 11:57:24 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200", 0x23}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:24 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cf3) 11:57:25 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 548.608252][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 548.614101][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 548.619926][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 548.625685][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:25 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200", 0x23}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cf5) [ 548.845859][T16359] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 548.856130][T16359] CPU: 1 PID: 16359 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 548.864066][T16359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.874120][T16359] Call Trace: [ 548.877447][T16359] dump_stack+0x11d/0x181 [ 548.881811][T16359] dump_header+0xaa/0x449 [ 548.886141][T16359] oom_kill_process.cold+0x10/0x15 [ 548.891248][T16359] out_of_memory+0x231/0xa00 [ 548.895939][T16359] mem_cgroup_out_of_memory+0x128/0x150 [ 548.901482][T16359] try_charge+0xb5c/0xbe0 [ 548.905975][T16359] mem_cgroup_try_charge+0xd2/0x260 [ 548.911177][T16359] mem_cgroup_try_charge_delay+0x3a/0x80 [ 548.916834][T16359] wp_page_copy+0x322/0x1120 [ 548.921441][T16359] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 548.927178][T16359] do_wp_page+0x192/0x11f0 [ 548.931591][T16359] ? __udelay+0x10/0x20 [ 548.935778][T16359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 11:57:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:25 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 548.942103][T16359] ? debug_smp_processor_id+0x4c/0x172 [ 548.947571][T16359] __handle_mm_fault+0x1ab1/0x2c70 [ 548.952693][T16359] handle_mm_fault+0x21b/0x530 [ 548.957584][T16359] __do_page_fault+0x456/0x8d0 [ 548.962412][T16359] ? cgroup_rstat_updated+0xbe/0x1e0 [ 548.967729][T16359] do_page_fault+0x38/0x194 [ 548.972295][T16359] page_fault+0x34/0x40 [ 548.976447][T16359] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 548.983021][T16359] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 549.002673][T16359] RSP: 0018:ffffc90003f13bc0 EFLAGS: 00010206 [ 549.008788][T16359] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 549.016789][T16359] RDX: 0000000000001000 RSI: ffff8880a70deb00 RDI: 0000000020701000 [ 549.024748][T16359] RBP: ffffc90003f13bf8 R08: ffff8880b0c91100 R09: 00008880b0c91c18 [ 549.032704][T16359] R10: 0000000000000001 R11: 00008880b0c91c1f R12: 0000000020700500 [ 549.040730][T16359] R13: 0000000020701500 R14: 0000000000000000 R15: 00007ffffffff000 [ 549.048893][T16359] ? copyout+0xa5/0xb0 [ 549.053040][T16359] copy_page_to_iter+0x254/0x8b0 [ 549.057979][T16359] pipe_to_user+0x71/0xc0 [ 549.062307][T16359] __splice_from_pipe+0x248/0x480 [ 549.067312][T16359] ? iter_to_pipe+0x3f0/0x3f0 [ 549.071975][T16359] do_vmsplice.part.0+0x1c5/0x210 [ 549.076981][T16359] __do_sys_vmsplice+0x15f/0x1c0 [ 549.081915][T16359] ? __read_once_size+0x5a/0xe0 [ 549.086749][T16359] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 549.092453][T16359] ? _copy_to_user+0x84/0xb0 [ 549.097088][T16359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 549.103312][T16359] ? put_timespec64+0x94/0xc0 [ 549.108036][T16359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 549.114387][T16359] __x64_sys_vmsplice+0x5e/0x80 [ 549.119305][T16359] do_syscall_64+0xcc/0x370 [ 549.123822][T16359] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.129704][T16359] RIP: 0033:0x45a639 [ 549.133603][T16359] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 549.153196][T16359] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 549.161602][T16359] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 549.169581][T16359] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 549.177543][T16359] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 549.185502][T16359] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 549.193473][T16359] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 549.201669][T16359] memory: usage 307200kB, limit 307200kB, failcnt 39874 [ 549.208630][T16359] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 549.215472][T16359] Memory cgroup stats for /syz5: [ 549.215782][T16359] anon 299540480 [ 549.215782][T16359] file 98304 [ 549.215782][T16359] kernel_stack 1216512 [ 549.215782][T16359] slab 3129344 [ 549.215782][T16359] sock 0 [ 549.215782][T16359] shmem 0 [ 549.215782][T16359] file_mapped 0 [ 549.215782][T16359] file_dirty 0 [ 549.215782][T16359] file_writeback 0 [ 549.215782][T16359] anon_thp 278921216 [ 549.215782][T16359] inactive_anon 0 [ 549.215782][T16359] active_anon 299540480 [ 549.215782][T16359] inactive_file 0 [ 549.215782][T16359] active_file 0 [ 549.215782][T16359] unevictable 0 [ 549.215782][T16359] slab_reclaimable 405504 [ 549.215782][T16359] slab_unreclaimable 2723840 [ 549.215782][T16359] pgfault 46860 [ 549.215782][T16359] pgmajfault 0 [ 549.215782][T16359] workingset_refault 0 [ 549.215782][T16359] workingset_activate 0 [ 549.215782][T16359] workingset_nodereclaim 0 [ 549.215782][T16359] pgrefill 23510 [ 549.215782][T16359] pgscan 23544 [ 549.215782][T16359] pgsteal 67 [ 549.215782][T16359] pgactivate 23463 [ 549.312003][T16359] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16346,uid=0 [ 549.327512][T16359] Memory cgroup out of memory: Killed process 16346 (syz-executor.5) total-vm:72980kB, anon-rss:10420kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 549.353061][T16359] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 549.363386][T16359] CPU: 1 PID: 16359 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 549.371319][T16359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 549.381382][T16359] Call Trace: [ 549.384668][T16359] dump_stack+0x11d/0x181 [ 549.388994][T16359] dump_header+0xaa/0x449 [ 549.393319][T16359] oom_kill_process.cold+0x10/0x15 [ 549.398425][T16359] out_of_memory+0x231/0xa00 [ 549.403015][T16359] mem_cgroup_out_of_memory+0x128/0x150 [ 549.408640][T16359] try_charge+0xb5c/0xbe0 [ 549.412975][T16359] mem_cgroup_try_charge+0xd2/0x260 [ 549.418173][T16359] mem_cgroup_try_charge_delay+0x3a/0x80 [ 549.423800][T16359] wp_page_copy+0x322/0x1120 [ 549.428491][T16359] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 549.434218][T16359] do_wp_page+0x192/0x11f0 [ 549.438676][T16359] ? osq_unlock+0x45/0x120 [ 549.443094][T16359] __handle_mm_fault+0x1ab1/0x2c70 [ 549.448214][T16359] handle_mm_fault+0x21b/0x530 [ 549.452990][T16359] __do_page_fault+0x456/0x8d0 [ 549.457816][T16359] do_page_fault+0x38/0x194 [ 549.462399][T16359] page_fault+0x34/0x40 [ 549.466566][T16359] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 549.473173][T16359] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 549.492878][T16359] RSP: 0018:ffffc90003f13bc0 EFLAGS: 00010206 [ 549.498934][T16359] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 549.506897][T16359] RDX: 0000000000001000 RSI: ffff8880a70deb00 RDI: 000000002071a000 [ 549.514867][T16359] RBP: ffffc90003f13bf8 R08: ffff8880b0c91100 R09: 00008880b0c91c18 [ 549.522832][T16359] R10: 0000000000000001 R11: 00008880b0c91c1f R12: 0000000020719500 [ 549.530816][T16359] R13: 000000002071a500 R14: 0000000000000000 R15: 00007ffffffff000 [ 549.538807][T16359] ? copyout+0xa5/0xb0 [ 549.543148][T16359] copy_page_to_iter+0x254/0x8b0 [ 549.548227][T16359] pipe_to_user+0x71/0xc0 [ 549.552550][T16359] __splice_from_pipe+0x248/0x480 [ 549.557576][T16359] ? iter_to_pipe+0x3f0/0x3f0 [ 549.562270][T16359] do_vmsplice.part.0+0x1c5/0x210 [ 549.567325][T16359] __do_sys_vmsplice+0x15f/0x1c0 [ 549.572307][T16359] ? __read_once_size+0x5a/0xe0 [ 549.577164][T16359] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 549.582955][T16359] ? _copy_to_user+0x84/0xb0 [ 549.587539][T16359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 549.593790][T16359] ? put_timespec64+0x94/0xc0 [ 549.598507][T16359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 549.604929][T16359] __x64_sys_vmsplice+0x5e/0x80 [ 549.609779][T16359] do_syscall_64+0xcc/0x370 [ 549.614290][T16359] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.620170][T16359] RIP: 0033:0x45a639 [ 549.624065][T16359] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 549.643710][T16359] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 549.652136][T16359] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 549.660098][T16359] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 549.668226][T16359] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 549.676198][T16359] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 549.684171][T16359] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 549.692201][T16359] memory: usage 307200kB, limit 307200kB, failcnt 39917 [ 549.699137][T16359] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 549.705963][T16359] Memory cgroup stats for /syz5: [ 549.706092][T16359] anon 299675648 [ 549.706092][T16359] file 98304 [ 549.706092][T16359] kernel_stack 1216512 [ 549.706092][T16359] slab 3129344 [ 549.706092][T16359] sock 0 [ 549.706092][T16359] shmem 0 [ 549.706092][T16359] file_mapped 0 [ 549.706092][T16359] file_dirty 0 [ 549.706092][T16359] file_writeback 0 [ 549.706092][T16359] anon_thp 278921216 [ 549.706092][T16359] inactive_anon 0 [ 549.706092][T16359] active_anon 299675648 [ 549.706092][T16359] inactive_file 0 [ 549.706092][T16359] active_file 0 [ 549.706092][T16359] unevictable 0 [ 549.706092][T16359] slab_reclaimable 405504 [ 549.706092][T16359] slab_unreclaimable 2723840 [ 549.706092][T16359] pgfault 46893 [ 549.706092][T16359] pgmajfault 0 [ 549.706092][T16359] workingset_refault 0 [ 549.706092][T16359] workingset_activate 0 [ 549.706092][T16359] workingset_nodereclaim 0 [ 549.706092][T16359] pgrefill 23576 [ 549.706092][T16359] pgscan 23611 [ 549.706092][T16359] pgsteal 67 [ 549.706092][T16359] pgactivate 23496 [ 549.802125][T16359] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16334,uid=0 [ 549.817673][T16359] Memory cgroup out of memory: Killed process 16334 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 550.651669][ T1069] oom_reaper: reaped process 16334 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:57:27 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:27 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cf7) [ 551.791979][T16416] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 551.803153][T16416] CPU: 1 PID: 16416 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 551.811047][T16416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 551.821103][T16416] Call Trace: [ 551.824404][T16416] dump_stack+0x11d/0x181 [ 551.828739][T16416] dump_header+0xaa/0x449 [ 551.833072][T16416] oom_kill_process.cold+0x10/0x15 11:57:28 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 551.838189][T16416] out_of_memory+0x231/0xa00 [ 551.842859][T16416] mem_cgroup_out_of_memory+0x128/0x150 [ 551.848422][T16416] try_charge+0xb5c/0xbe0 [ 551.852800][T16416] mem_cgroup_try_charge+0xd2/0x260 [ 551.858019][T16416] mem_cgroup_try_charge_delay+0x3a/0x80 [ 551.863726][T16416] wp_page_copy+0x322/0x1120 [ 551.868324][T16416] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 551.874054][T16416] do_wp_page+0x192/0x11f0 [ 551.878468][T16416] ? __handle_mm_fault+0x122/0x2c70 [ 551.883676][T16416] __handle_mm_fault+0x1ab1/0x2c70 [ 551.888865][T16416] handle_mm_fault+0x21b/0x530 [ 551.893632][T16416] __do_page_fault+0x456/0x8d0 [ 551.898389][T16416] ? cgroup_rstat_updated+0xbe/0x1e0 [ 551.903681][T16416] do_page_fault+0x38/0x194 [ 551.908222][T16416] page_fault+0x34/0x40 [ 551.912372][T16416] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 551.919659][T16416] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 551.939949][T16416] RSP: 0018:ffffc90004203bc0 EFLAGS: 00010206 [ 551.946033][T16416] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 551.953998][T16416] RDX: 0000000000001000 RSI: ffff88812582cb00 RDI: 0000000020f46000 [ 551.961961][T16416] RBP: ffffc90004203bf8 R08: ffff888120de6100 R09: 0000888120de6c18 [ 551.969936][T16416] R10: 0000000000000000 R11: 0000888120de6c1f R12: 0000000020f45500 [ 551.977900][T16416] R13: 0000000020f46500 R14: 0000000000000000 R15: 00007ffffffff000 [ 551.985883][T16416] ? copyout+0xa5/0xb0 [ 551.990021][T16416] copy_page_to_iter+0x254/0x8b0 [ 551.995043][T16416] pipe_to_user+0x71/0xc0 [ 551.999365][T16416] __splice_from_pipe+0x248/0x480 [ 552.004445][T16416] ? iter_to_pipe+0x3f0/0x3f0 [ 552.009120][T16416] do_vmsplice.part.0+0x1c5/0x210 [ 552.014155][T16416] __do_sys_vmsplice+0x15f/0x1c0 [ 552.019108][T16416] ? __read_once_size+0x5a/0xe0 [ 552.023999][T16416] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 552.029713][T16416] ? _copy_to_user+0x84/0xb0 [ 552.034300][T16416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 552.040533][T16416] ? put_timespec64+0x94/0xc0 [ 552.045341][T16416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 552.051620][T16416] __x64_sys_vmsplice+0x5e/0x80 [ 552.056548][T16416] do_syscall_64+0xcc/0x370 [ 552.061058][T16416] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 552.066982][T16416] RIP: 0033:0x45a639 [ 552.070888][T16416] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 552.090495][T16416] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 552.099335][T16416] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 552.112039][T16416] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 552.120215][T16416] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 552.128618][T16416] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 552.136581][T16416] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 552.145680][T16416] memory: usage 307200kB, limit 307200kB, failcnt 42041 [ 552.152683][T16416] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 552.159553][T16416] Memory cgroup stats for /syz5: [ 552.159729][T16416] anon 299728896 [ 552.159729][T16416] file 98304 [ 552.159729][T16416] kernel_stack 1253376 [ 552.159729][T16416] slab 3129344 [ 552.159729][T16416] sock 0 [ 552.159729][T16416] shmem 0 [ 552.159729][T16416] file_mapped 0 [ 552.159729][T16416] file_dirty 0 11:57:29 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 552.159729][T16416] file_writeback 0 [ 552.159729][T16416] anon_thp 278921216 [ 552.159729][T16416] inactive_anon 0 [ 552.159729][T16416] active_anon 299728896 [ 552.159729][T16416] inactive_file 0 [ 552.159729][T16416] active_file 0 [ 552.159729][T16416] unevictable 0 [ 552.159729][T16416] slab_reclaimable 405504 [ 552.159729][T16416] slab_unreclaimable 2723840 [ 552.159729][T16416] pgfault 47619 [ 552.159729][T16416] pgmajfault 0 [ 552.159729][T16416] workingset_refault 0 [ 552.159729][T16416] workingset_activate 0 [ 552.159729][T16416] workingset_nodereclaim 0 [ 552.159729][T16416] pgrefill 29703 [ 552.159729][T16416] pgscan 29734 [ 552.159729][T16416] pgsteal 67 [ 552.159729][T16416] pgactivate 29634 [ 552.255904][T16416] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16409,uid=0 [ 552.271564][T16416] Memory cgroup out of memory: Killed process 16409 (syz-executor.5) total-vm:72980kB, anon-rss:15740kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 11:57:29 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:29 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200000000000000", 0x29}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 552.293204][ T1069] oom_reaper: reaped process 16409 (syz-executor.5), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 11:57:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, 0x0, 0x0) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:29 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cf9) [ 552.698128][ C1] net_ratelimit: 14 callbacks suppressed [ 552.698138][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 552.709613][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 552.715413][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 552.721181][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 552.727559][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 552.733335][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 552.768148][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 552.773961][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 552.779768][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 552.785522][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:29 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, 0x0, 0x0) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 553.247041][T16475] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 553.258659][T16475] CPU: 0 PID: 16475 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 553.266547][T16475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 553.276605][T16475] Call Trace: [ 553.279972][T16475] dump_stack+0x11d/0x181 [ 553.284348][T16475] dump_header+0xaa/0x449 [ 553.288694][T16475] oom_kill_process.cold+0x10/0x15 [ 553.293900][T16475] out_of_memory+0x231/0xa00 [ 553.298510][T16475] mem_cgroup_out_of_memory+0x128/0x150 [ 553.304156][T16475] try_charge+0xb5c/0xbe0 [ 553.308625][T16475] mem_cgroup_try_charge+0xd2/0x260 [ 553.313825][T16475] mem_cgroup_try_charge_delay+0x3a/0x80 [ 553.319522][T16475] wp_page_copy+0x322/0x1120 [ 553.324230][T16475] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 553.329969][T16475] do_wp_page+0x192/0x11f0 [ 553.334411][T16475] __handle_mm_fault+0x1ab1/0x2c70 [ 553.339615][T16475] handle_mm_fault+0x21b/0x530 [ 553.344446][T16475] __do_page_fault+0x456/0x8d0 [ 553.349223][T16475] ? cgroup_rstat_updated+0xbe/0x1e0 [ 553.354527][T16475] do_page_fault+0x38/0x194 [ 553.359094][T16475] page_fault+0x34/0x40 [ 553.363281][T16475] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 553.369895][T16475] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 553.389490][T16475] RSP: 0018:ffffc9000849fbc0 EFLAGS: 00010206 [ 553.395543][T16475] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 553.403505][T16475] RDX: 0000000000001000 RSI: ffff8880b0c8cb00 RDI: 0000000020900000 [ 553.411469][T16475] RBP: ffffc9000849fbf8 R08: ffff888097d8e080 R09: 0000888097d8eb98 [ 553.419442][T16475] R10: 0000000000000001 R11: 0000888097d8eb9f R12: 00000000208ff500 [ 553.427403][T16475] R13: 0000000020900500 R14: 0000000000000000 R15: 00007ffffffff000 [ 553.435458][T16475] ? copyout+0xa5/0xb0 [ 553.439562][T16475] copy_page_to_iter+0x254/0x8b0 [ 553.444508][T16475] pipe_to_user+0x71/0xc0 [ 553.448833][T16475] __splice_from_pipe+0x248/0x480 [ 553.453847][T16475] ? iter_to_pipe+0x3f0/0x3f0 [ 553.458520][T16475] do_vmsplice.part.0+0x1c5/0x210 [ 553.463613][T16475] __do_sys_vmsplice+0x15f/0x1c0 [ 553.468548][T16475] ? __read_once_size+0x5a/0xe0 [ 553.473408][T16475] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 553.479123][T16475] ? _copy_to_user+0x84/0xb0 [ 553.483706][T16475] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 553.489935][T16475] ? put_timespec64+0x94/0xc0 [ 553.494670][T16475] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 553.501091][T16475] __x64_sys_vmsplice+0x5e/0x80 [ 553.505937][T16475] do_syscall_64+0xcc/0x370 [ 553.510529][T16475] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.516429][T16475] RIP: 0033:0x45a639 [ 553.520327][T16475] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 553.539948][T16475] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 553.548353][T16475] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 553.556314][T16475] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 553.564308][T16475] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 553.572277][T16475] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 553.580270][T16475] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 553.588673][T16475] memory: usage 307200kB, limit 307200kB, failcnt 42075 [ 553.597191][T16475] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 553.604060][T16475] Memory cgroup stats for /syz5: [ 553.604267][T16475] anon 299581440 [ 553.604267][T16475] file 98304 [ 553.604267][T16475] kernel_stack 1290240 [ 553.604267][T16475] slab 3129344 [ 553.604267][T16475] sock 0 [ 553.604267][T16475] shmem 0 [ 553.604267][T16475] file_mapped 0 [ 553.604267][T16475] file_dirty 0 [ 553.604267][T16475] file_writeback 0 [ 553.604267][T16475] anon_thp 278921216 [ 553.604267][T16475] inactive_anon 0 [ 553.604267][T16475] active_anon 299581440 [ 553.604267][T16475] inactive_file 0 [ 553.604267][T16475] active_file 0 [ 553.604267][T16475] unevictable 0 [ 553.604267][T16475] slab_reclaimable 405504 [ 553.604267][T16475] slab_unreclaimable 2723840 [ 553.604267][T16475] pgfault 48048 [ 553.604267][T16475] pgmajfault 0 [ 553.604267][T16475] workingset_refault 0 [ 553.604267][T16475] workingset_activate 0 [ 553.604267][T16475] workingset_nodereclaim 0 [ 553.604267][T16475] pgrefill 29703 [ 553.604267][T16475] pgscan 29734 [ 553.604267][T16475] pgsteal 67 11:57:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cfb) 11:57:30 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200000000000000", 0x29}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 553.604267][T16475] pgactivate 29667 [ 553.700737][T16475] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16406,uid=0 [ 553.716303][T16475] Memory cgroup out of memory: Killed process 16406 (syz-executor.5) total-vm:72980kB, anon-rss:10420kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 553.736672][ T1069] oom_reaper: reaped process 16406 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:57:30 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, 0x0, 0x0) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:30 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) 11:57:30 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r2) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r2, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:30 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x800) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 554.012560][T16501] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 554.022928][T16501] CPU: 0 PID: 16501 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 554.036253][T16501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 554.046437][T16501] Call Trace: [ 554.049768][T16501] dump_stack+0x11d/0x181 [ 554.054117][T16501] dump_header+0xaa/0x449 [ 554.058470][T16501] oom_kill_process.cold+0x10/0x15 [ 554.063596][T16501] out_of_memory+0x231/0xa00 [ 554.068208][T16501] mem_cgroup_out_of_memory+0x128/0x150 [ 554.073817][T16501] try_charge+0xb5c/0xbe0 [ 554.078227][T16501] mem_cgroup_try_charge+0xd2/0x260 [ 554.083459][T16501] mem_cgroup_try_charge_delay+0x3a/0x80 [ 554.089142][T16501] wp_page_copy+0x322/0x1120 [ 554.093800][T16501] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 554.099530][T16501] do_wp_page+0x192/0x11f0 [ 554.103951][T16501] ? __udelay+0x10/0x20 [ 554.108120][T16501] __handle_mm_fault+0x1ab1/0x2c70 [ 554.113232][T16501] ? delay_tsc+0x8f/0xc0 [ 554.117495][T16501] handle_mm_fault+0x21b/0x530 [ 554.122342][T16501] __do_page_fault+0x456/0x8d0 [ 554.127110][T16501] ? cgroup_rstat_updated+0xbe/0x1e0 [ 554.132494][T16501] do_page_fault+0x38/0x194 [ 554.137025][T16501] page_fault+0x34/0x40 [ 554.141199][T16501] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 554.147796][T16501] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 554.167453][T16501] RSP: 0000:ffffc90008467bc0 EFLAGS: 00010206 [ 554.173591][T16501] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 554.181576][T16501] RDX: 0000000000001000 RSI: ffff88809b337b00 RDI: 000000002030c000 [ 554.189569][T16501] RBP: ffffc90008467bf8 R08: ffff88809e23a100 R09: 000088809e23ac18 [ 554.197553][T16501] R10: 0000000000000000 R11: 000088809e23ac1f R12: 000000002030b500 [ 554.205595][T16501] R13: 000000002030c500 R14: 0000000000000000 R15: 00007ffffffff000 [ 554.213687][T16501] ? copyout+0xa5/0xb0 [ 554.217801][T16501] copy_page_to_iter+0x254/0x8b0 [ 554.222761][T16501] pipe_to_user+0x71/0xc0 [ 554.227157][T16501] __splice_from_pipe+0x248/0x480 [ 554.232188][T16501] ? iter_to_pipe+0x3f0/0x3f0 [ 554.236916][T16501] do_vmsplice.part.0+0x1c5/0x210 [ 554.241980][T16501] __do_sys_vmsplice+0x15f/0x1c0 [ 554.247012][T16501] ? __read_once_size+0x5a/0xe0 [ 554.251873][T16501] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 554.257681][T16501] ? _copy_to_user+0x84/0xb0 [ 554.262279][T16501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 554.268593][T16501] ? put_timespec64+0x94/0xc0 [ 554.273376][T16501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 554.279627][T16501] __x64_sys_vmsplice+0x5e/0x80 [ 554.284496][T16501] do_syscall_64+0xcc/0x370 [ 554.289100][T16501] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.294996][T16501] RIP: 0033:0x45a639 11:57:31 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) [ 554.298900][T16501] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 554.318511][T16501] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 554.326934][T16501] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 554.334914][T16501] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 554.342887][T16501] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 554.350865][T16501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 554.358840][T16501] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 554.366943][T16501] memory: usage 307200kB, limit 307200kB, failcnt 42102 [ 554.373934][T16501] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 554.380806][T16501] Memory cgroup stats for /syz5: [ 554.380948][T16501] anon 299642880 [ 554.380948][T16501] file 98304 [ 554.380948][T16501] kernel_stack 1253376 [ 554.380948][T16501] slab 3129344 [ 554.380948][T16501] sock 0 [ 554.380948][T16501] shmem 0 [ 554.380948][T16501] file_mapped 0 [ 554.380948][T16501] file_dirty 0 [ 554.380948][T16501] file_writeback 0 [ 554.380948][T16501] anon_thp 276824064 [ 554.380948][T16501] inactive_anon 0 [ 554.380948][T16501] active_anon 299642880 [ 554.380948][T16501] inactive_file 0 [ 554.380948][T16501] active_file 0 [ 554.380948][T16501] unevictable 0 [ 554.380948][T16501] slab_reclaimable 405504 [ 554.380948][T16501] slab_unreclaimable 2723840 [ 554.380948][T16501] pgfault 48642 [ 554.380948][T16501] pgmajfault 0 [ 554.380948][T16501] workingset_refault 0 [ 554.380948][T16501] workingset_activate 0 [ 554.380948][T16501] workingset_nodereclaim 0 [ 554.380948][T16501] pgrefill 29736 [ 554.380948][T16501] pgscan 29767 [ 554.380948][T16501] pgsteal 67 [ 554.380948][T16501] pgactivate 29667 [ 554.477052][T16501] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16485,uid=0 [ 554.492526][T16501] Memory cgroup out of memory: Killed process 16485 (syz-executor.5) total-vm:72980kB, anon-rss:16564kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 554.514836][T16501] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 554.525065][T16501] CPU: 0 PID: 16501 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 554.532940][T16501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 554.543006][T16501] Call Trace: [ 554.546329][T16501] dump_stack+0x11d/0x181 [ 554.550653][T16501] dump_header+0xaa/0x449 [ 554.555038][T16501] oom_kill_process.cold+0x10/0x15 [ 554.560178][T16501] out_of_memory+0x231/0xa00 [ 554.564809][T16501] mem_cgroup_out_of_memory+0x128/0x150 [ 554.570483][T16501] try_charge+0xb5c/0xbe0 [ 554.574822][T16501] mem_cgroup_try_charge+0xd2/0x260 [ 554.580019][T16501] mem_cgroup_try_charge_delay+0x3a/0x80 [ 554.585722][T16501] wp_page_copy+0x322/0x1120 [ 554.590322][T16501] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 554.596044][T16501] do_wp_page+0x192/0x11f0 [ 554.600489][T16501] ? check_preempt_curr_rt+0x10d/0x120 [ 554.605956][T16501] __handle_mm_fault+0x1ab1/0x2c70 [ 554.611189][T16501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 554.617519][T16501] handle_mm_fault+0x21b/0x530 [ 554.622287][T16501] __do_page_fault+0x456/0x8d0 [ 554.627059][T16501] ? cgroup_rstat_updated+0xbe/0x1e0 [ 554.632351][T16501] do_page_fault+0x38/0x194 [ 554.636868][T16501] page_fault+0x34/0x40 [ 554.641030][T16501] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 11:57:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cfd) [ 554.647635][T16501] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 554.667256][T16501] RSP: 0000:ffffc90008467bc0 EFLAGS: 00010206 [ 554.673330][T16501] RAX: 0000000000040000 RBX: 0000000000001000 RCX: 0000000000000500 [ 554.681309][T16501] RDX: 0000000000001000 RSI: ffff88809b337b00 RDI: 0000000020319000 [ 554.689286][T16501] RBP: ffffc90008467bf8 R08: ffff88809e23a100 R09: 000088809e23ac18 [ 554.697259][T16501] R10: 0000000000000001 R11: 000088809e23ac1f R12: 0000000020318500 [ 554.705272][T16501] R13: 0000000020319500 R14: 0000000000000000 R15: 00007ffffffff000 [ 554.713345][T16501] ? copyout+0xa5/0xb0 [ 554.717429][T16501] copy_page_to_iter+0x254/0x8b0 [ 554.722388][T16501] pipe_to_user+0x71/0xc0 [ 554.726825][T16501] __splice_from_pipe+0x248/0x480 [ 554.731991][T16501] ? iter_to_pipe+0x3f0/0x3f0 [ 554.736783][T16501] do_vmsplice.part.0+0x1c5/0x210 [ 554.741822][T16501] __do_sys_vmsplice+0x15f/0x1c0 [ 554.746838][T16501] ? __read_once_size+0x5a/0xe0 [ 554.751772][T16501] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 554.757510][T16501] ? _copy_to_user+0x84/0xb0 [ 554.762173][T16501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 554.768556][T16501] ? put_timespec64+0x94/0xc0 [ 554.773260][T16501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 554.779522][T16501] __x64_sys_vmsplice+0x5e/0x80 [ 554.784392][T16501] do_syscall_64+0xcc/0x370 [ 554.788917][T16501] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.794854][T16501] RIP: 0033:0x45a639 [ 554.798776][T16501] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 554.818477][T16501] RSP: 002b:00007fae92947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 554.826905][T16501] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 554.834887][T16501] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 554.842913][T16501] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 554.850893][T16501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae929486d4 [ 554.858878][T16501] R13: 00000000004ca5cf R14: 00000000004e2600 R15: 00000000ffffffff [ 554.867017][T16501] memory: usage 290564kB, limit 307200kB, failcnt 42134 [ 554.873981][T16501] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 554.880874][T16501] Memory cgroup stats for /syz5: [ 554.881102][T16501] anon 282914816 [ 554.881102][T16501] file 98304 [ 554.881102][T16501] kernel_stack 1216512 [ 554.881102][T16501] slab 3129344 [ 554.881102][T16501] sock 0 [ 554.881102][T16501] shmem 0 [ 554.881102][T16501] file_mapped 0 [ 554.881102][T16501] file_dirty 0 [ 554.881102][T16501] file_writeback 0 [ 554.881102][T16501] anon_thp 262144000 [ 554.881102][T16501] inactive_anon 0 [ 554.881102][T16501] active_anon 282914816 [ 554.881102][T16501] inactive_file 0 [ 554.881102][T16501] active_file 0 [ 554.881102][T16501] unevictable 0 [ 554.881102][T16501] slab_reclaimable 405504 [ 554.881102][T16501] slab_unreclaimable 2723840 [ 554.881102][T16501] pgfault 48642 [ 554.881102][T16501] pgmajfault 0 [ 554.881102][T16501] workingset_refault 0 [ 554.881102][T16501] workingset_activate 0 [ 554.881102][T16501] workingset_nodereclaim 0 [ 554.881102][T16501] pgrefill 29736 11:57:31 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r2) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r2, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 554.881102][T16501] pgscan 29767 [ 554.881102][T16501] pgsteal 67 [ 554.881102][T16501] pgactivate 29667 [ 554.977242][T16501] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10050,uid=0 [ 554.992791][T16501] Memory cgroup out of memory: Killed process 10050 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:35780kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 555.011252][T16487] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 555.021745][T16487] CPU: 1 PID: 16487 Comm: syz-executor.5 Not tainted 5.4.0-rc7+ #0 [ 555.029634][T16487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 555.039675][T16487] Call Trace: [ 555.042996][T16487] dump_stack+0x11d/0x181 [ 555.047386][T16487] dump_header+0xaa/0x449 [ 555.051712][T16487] oom_kill_process.cold+0x10/0x15 [ 555.056830][T16487] out_of_memory+0x231/0xa00 [ 555.061455][T16487] mem_cgroup_out_of_memory+0x128/0x150 [ 555.067001][T16487] try_charge+0x7f5/0xbe0 [ 555.071367][T16487] ? __rcu_read_unlock+0x66/0x3c0 [ 555.076464][T16487] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 555.081943][T16487] ? get_mem_cgroup_from_mm+0xb6/0x1c0 [ 555.087487][T16487] __memcg_kmem_charge+0xde/0x240 [ 555.092510][T16487] copy_process+0x11d2/0x3b50 [ 555.097270][T16487] ? record_times+0x16/0x90 [ 555.101770][T16487] ? psi_task_change+0x1ad/0x2d0 [ 555.106718][T16487] _do_fork+0xfe/0x6e0 [ 555.110829][T16487] ? preempt_count_add+0x48/0xb0 [ 555.115761][T16487] ? blkcg_maybe_throttle_current+0x472/0x610 [ 555.121816][T16487] ? percpu_ref_put_many+0x78/0xc0 [ 555.126923][T16487] __x64_sys_clone+0x12b/0x160 [ 555.131685][T16487] do_syscall_64+0xcc/0x370 [ 555.136188][T16487] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 555.142068][T16487] RIP: 0033:0x45d009 [ 555.146055][T16487] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 555.165646][T16487] RSP: 002b:00007ffd5a083408 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 555.174057][T16487] RAX: ffffffffffffffda RBX: 00007fae92927700 RCX: 000000000045d009 [ 555.182021][T16487] RDX: 00007fae929279d0 RSI: 00007fae92926db0 RDI: 00000000003d0f00 [ 555.189986][T16487] RBP: 00007ffd5a083620 R08: 00007fae92927700 R09: 00007fae92927700 [ 555.197993][T16487] R10: 00007fae929279d0 R11: 0000000000000202 R12: 0000000000000000 [ 555.205952][T16487] R13: 00007ffd5a0834bf R14: 00007fae929279c0 R15: 000000000075c124 [ 555.214013][T16487] memory: usage 290696kB, limit 307200kB, failcnt 42134 [ 555.221017][T16487] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 555.227851][T16487] Memory cgroup stats for /syz5: [ 555.228090][T16487] anon 282914816 [ 555.228090][T16487] file 98304 [ 555.228090][T16487] kernel_stack 1216512 [ 555.228090][T16487] slab 3129344 [ 555.228090][T16487] sock 0 [ 555.228090][T16487] shmem 0 [ 555.228090][T16487] file_mapped 0 [ 555.228090][T16487] file_dirty 0 [ 555.228090][T16487] file_writeback 0 [ 555.228090][T16487] anon_thp 262144000 [ 555.228090][T16487] inactive_anon 0 [ 555.228090][T16487] active_anon 282914816 [ 555.228090][T16487] inactive_file 0 [ 555.228090][T16487] active_file 0 [ 555.228090][T16487] unevictable 0 [ 555.228090][T16487] slab_reclaimable 405504 [ 555.228090][T16487] slab_unreclaimable 2723840 [ 555.228090][T16487] pgfault 48675 [ 555.228090][T16487] pgmajfault 0 [ 555.228090][T16487] workingset_refault 0 [ 555.228090][T16487] workingset_activate 0 [ 555.228090][T16487] workingset_nodereclaim 0 [ 555.228090][T16487] pgrefill 29736 [ 555.228090][T16487] pgscan 29767 [ 555.228090][T16487] pgsteal 67 [ 555.228090][T16487] pgactivate 29667 [ 555.324294][T16487] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15409,uid=0 [ 555.339796][T16487] Memory cgroup out of memory: Killed process 15409 (syz-executor.5) total-vm:72980kB, anon-rss:8372kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 11:57:32 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200000000000000", 0x29}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:32 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r2) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r2, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:32 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) 11:57:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:32 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) shutdown(r5, 0x0) 11:57:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7cff) 11:57:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7d01) 11:57:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r2) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r2, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) shutdown(r5, 0x0) 11:57:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r2) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r2, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:33 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/44, 0x2c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) shutdown(r5, 0x0) 11:57:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7d03) 11:57:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:34 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7d05) 11:57:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r2) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r2, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:34 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x8004) 11:57:34 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/44, 0x2c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 557.728155][ C0] net_ratelimit: 24 callbacks suppressed [ 557.728174][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 557.739636][ C0] protocol 88fb is buggy, dev hsr_slave_1 11:57:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:34 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xa900) 11:57:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r2) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r2, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:35 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/44, 0x2c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xd800) 11:57:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 559.018157][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 559.023985][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 559.029805][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 559.035561][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 559.041396][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 559.047151][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 559.052935][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 559.058712][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(0xffffffffffffffff, 0x0) 11:57:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xd810) 11:57:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(0xffffffffffffffff, 0x0) 11:57:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:36 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/45, 0x2d}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe0fe) 11:57:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(0xffffffffffffffff, 0x0) 11:57:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) 11:57:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe17c) 11:57:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) 11:57:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe37c) 11:57:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) 11:57:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) 11:57:37 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/45, 0x2d}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) 11:57:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe57c) 11:57:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(0xffffffffffffffff, 0x0) 11:57:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:38 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(0xffffffffffffffff, 0x0) 11:57:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe77c) 11:57:38 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/45, 0x2d}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) 11:57:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe803) 11:57:38 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(0xffffffffffffffff, 0x0) 11:57:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(0xffffffffffffffff, 0x0) 11:57:39 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe97c) 11:57:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:39 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) [ 562.951973][T16988] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 562.977338][T16988] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xeb7c) 11:57:39 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:39 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000900), 0x0) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000005c0)={@remote, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4={[], [], @local}, 0x100000001, 0xfff, 0xd0}) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000180)=""/27, 0x1b, 0x2000, &(0x7f00000001c0)={0x11, 0x6, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() wait4(r0, 0x0, 0x0, &(0x7f0000000680)) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r1 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) openat$cgroup_subtree(r1, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000740)=ANY=[@ANYBLOB="00fb6d0103999de6e493b2734616e3f1b9e2d447e4232622bcc84051736e57ae3f5a8c696c845c6ba351c534dd000000003ea1f316e400456de96d66ea44ade5908a00bf2b79b11f7eeee95b951365459fa1c64f43124df763fe8f25f4e4c7f988bdbbd1709f3bcfb4b7cc3289"], 0x6d, 0x0) r2 = openat$vsock(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$KDGKBDIACR(r2, 0x4b4a, &(0x7f0000000340)=""/55) lsetxattr$trusted_overlay_upper(&(0x7f0000000400)='./file0\x00', &(0x7f00000007c0)='trusted.overlay.upper\x00', &(0x7f0000000800)={0x0, 0xfb, 0xc5, 0x5, 0x2, "310a9180fa9143120ded0d3e8c304b4e", "8bf8f9537390d048be1145b883122a7b7c61cb347699258d14433b1077b63b81bcae1ccea78ce95e4190d414be0f2c63e4e141309fb3d9e60de5891c3676d63674003fa81aa62482c47c8a84b9ca77808be3924b25ded4b40f086345e8e1056a49dd29a1eb530a3f04891363922f4915bf817cc77a7d71a764c825fa905491b790031c6fa6fb48c6b3dd96687c6a26b026413eb240f91a5808e103dfeda873eab73adfa2ff4511126e16b33d442391c8"}, 0xc5, 0x2) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000000)) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000240)="0a5b413eb19ec7f61663bb12f18154e8213b081e0880629d04874d70bb7505483bc8c5ee9b1d67f0baba3efa6f4442b0324627ffca21cc512a176e9e65b800c11c35b00d49188bade2e3fa5eaa023222e5cdbbadc2de3355af55772f7d7ce1c74594c5f82449ef7f259e3400880556b9e414091220f123840fecd0ceb200f4bef7e6543126aa060107a81fc77b202e9d4a29916a072313296707d990276346045bbb73e92673eefa0a3e6157427d4993b6f7708a3101cead9ca30ad766c89a11ed323ef782e7a1ea078f2b22ff7950e524ef0d5be02090177aaf2360c26de978b77645829e512890742db7a0dcdee7c427a955064402476b3675419de483f961") write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="2b7069647320412c5ec7b5d90762f8ba9fe8ee7e083311af7cb115b708409b4e9206cb06735d6d1ff4f4b97587976a4a706aee300fb8e7572bcd829a59c00400002125000000c8818253da71fa1b6b4ed383c004ca276a756a0e6e7c9bda4107b37664c98904cb9639bf4b91d78f4ce4035762ba803bb0aa07717d543e909d253ce3ef52d352ed9e0518d43a170ea8f70daf282682ea5e5a295e9d66f169f0dcd24a3d11c633af74dd3ac2ac46fd62ad075e989e5ab6f14a1d6e8f0d35ea51e18be5672af0b7f39f748ebddb0694fc063c33ad9848bde504b51b6ffbe08bc739b903263f25417d20aae0f4261ac0c2a9308f6f79c9a3d41a849aa6505fdfe3ff62519eec162f6e5124975a08f7fee2776176b8b6fdc2fe437bf7d1100bac7cd1e2e539a168ddb0cff0be478ec28588168512fead72b7fecc4608a3044c0a85b87b036ed97a61ecbfca322eff3caeaa262dcfeaddff0ee65060479a962f2e2833ef64f1968e9b763593dbb917d231a51fc021a33b9491a6575584e0"], 0x17b) [ 563.168131][ C1] net_ratelimit: 16 callbacks suppressed [ 563.168140][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 563.179634][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 563.185420][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 563.191199][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 563.196973][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 563.202745][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 563.208510][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 563.214251][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 563.220063][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 563.225812][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 563.244320][T17000] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 563.266082][T17000] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xed7c) 11:57:40 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) 11:57:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:40 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000900), 0x0) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000005c0)={@remote, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4={[], [], @local}, 0x100000001, 0xfff, 0xd0}) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000180)=""/27, 0x1b, 0x2000, &(0x7f00000001c0)={0x11, 0x6, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() wait4(r0, 0x0, 0x0, &(0x7f0000000680)) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r1 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) openat$cgroup_subtree(r1, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000740)=ANY=[@ANYBLOB="00fb6d0103999de6e493b2734616e3f1b9e2d447e4232622bcc84051736e57ae3f5a8c696c845c6ba351c534dd000000003ea1f316e400456de96d66ea44ade5908a00bf2b79b11f7eeee95b951365459fa1c64f43124df763fe8f25f4e4c7f988bdbbd1709f3bcfb4b7cc3289"], 0x6d, 0x0) r2 = openat$vsock(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$KDGKBDIACR(r2, 0x4b4a, &(0x7f0000000340)=""/55) lsetxattr$trusted_overlay_upper(&(0x7f0000000400)='./file0\x00', &(0x7f00000007c0)='trusted.overlay.upper\x00', &(0x7f0000000800)={0x0, 0xfb, 0xc5, 0x5, 0x2, "310a9180fa9143120ded0d3e8c304b4e", "8bf8f9537390d048be1145b883122a7b7c61cb347699258d14433b1077b63b81bcae1ccea78ce95e4190d414be0f2c63e4e141309fb3d9e60de5891c3676d63674003fa81aa62482c47c8a84b9ca77808be3924b25ded4b40f086345e8e1056a49dd29a1eb530a3f04891363922f4915bf817cc77a7d71a764c825fa905491b790031c6fa6fb48c6b3dd96687c6a26b026413eb240f91a5808e103dfeda873eab73adfa2ff4511126e16b33d442391c8"}, 0xc5, 0x2) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000000)) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000240)="0a5b413eb19ec7f61663bb12f18154e8213b081e0880629d04874d70bb7505483bc8c5ee9b1d67f0baba3efa6f4442b0324627ffca21cc512a176e9e65b800c11c35b00d49188bade2e3fa5eaa023222e5cdbbadc2de3355af55772f7d7ce1c74594c5f82449ef7f259e3400880556b9e414091220f123840fecd0ceb200f4bef7e6543126aa060107a81fc77b202e9d4a29916a072313296707d990276346045bbb73e92673eefa0a3e6157427d4993b6f7708a3101cead9ca30ad766c89a11ed323ef782e7a1ea078f2b22ff7950e524ef0d5be02090177aaf2360c26de978b77645829e512890742db7a0dcdee7c427a955064402476b3675419de483f961") write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="2b7069647320412c5ec7b5d90762f8ba9fe8ee7e083311af7cb115b708409b4e9206cb06735d6d1ff4f4b97587976a4a706aee300fb8e7572bcd829a59c00400002125000000c8818253da71fa1b6b4ed383c004ca276a756a0e6e7c9bda4107b37664c98904cb9639bf4b91d78f4ce4035762ba803bb0aa07717d543e909d253ce3ef52d352ed9e0518d43a170ea8f70daf282682ea5e5a295e9d66f169f0dcd24a3d11c633af74dd3ac2ac46fd62ad075e989e5ab6f14a1d6e8f0d35ea51e18be5672af0b7f39f748ebddb0694fc063c33ad9848bde504b51b6ffbe08bc739b903263f25417d20aae0f4261ac0c2a9308f6f79c9a3d41a849aa6505fdfe3ff62519eec162f6e5124975a08f7fee2776176b8b6fdc2fe437bf7d1100bac7cd1e2e539a168ddb0cff0be478ec28588168512fead72b7fecc4608a3044c0a85b87b036ed97a61ecbfca322eff3caeaa262dcfeaddff0ee65060479a962f2e2833ef64f1968e9b763593dbb917d231a51fc021a33b9491a6575584e0"], 0x17b) 11:57:40 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 563.624387][T17023] netlink: 'syz-executor.1': attribute type 8 has an invalid length. 11:57:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 563.684694][T17023] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xef7c) 11:57:40 executing program 4: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000140)) sched_yield() ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000140)) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') 11:57:40 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) 11:57:40 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:40 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) [ 564.084527][T17053] netlink: 'syz-executor.1': attribute type 8 has an invalid length. 11:57:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf17c) [ 564.143683][T17053] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:41 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) 11:57:41 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:41 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 564.379323][T17070] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 564.428256][T17070] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:41 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) 11:57:41 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x80000000000004) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x1, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x1, 0x1}, 0x20) 11:57:41 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf37c) 11:57:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 564.717747][T17093] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 564.741490][T17093] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:41 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x0, 0x0) 11:57:41 executing program 5: r0 = socket(0x10, 0x803, 0x0) process_vm_writev(0x0, 0x0, 0x5, &(0x7f0000000780)=[{&(0x7f00000028c0)=""/224, 0xe0}], 0x1, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000d00)=""/226, 0xe2}], 0x1, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/251, 0xfb}], 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001fc0)={0x288, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x44, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_BEARER={0x110, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'caif0\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @rand_addr="a6e53038e701b5ba95e0921902d32fc5"}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_MEDIA={0x38, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_MEDIA={0x64, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_NAME={0x8, 0x1, @l2={'ib', 0x3a, '\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_BEARER={0x10, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x288}}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) 11:57:41 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) [ 565.040091][T17119] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 565.051949][T17119] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:42 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x0, 0x0) 11:57:42 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf57c) 11:57:42 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:42 executing program 5: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480), 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f00000002c0)=ANY=[@ANYBLOB="53e8f7c8502332c6a200"], 0x4) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) preadv(r2, 0x0, 0x0, 0x29) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) connect$inet6(r3, &(0x7f0000000080)={0xa, 0xfffc, 0x0, @remote, 0x6}, 0xfffffffffffffe33) socket(0x0, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast2}}}], 0x28}}], 0x2, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, 0x0) write(0xffffffffffffffff, &(0x7f0000cc2fed)="130000003e0005ffffe3ffbd0000", 0xe) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x400000000040, 0x444040) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r5, 0x0, r5) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r4, &(0x7f0000000640)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e2a3166ec21e03c68a60708328e1606a83211bc78be79097861ce52747ac474593d76f9ec5cdd91725cb16e62b4bb027fbb96eab344de0401076c6345a7d32e9fe9ba1e68ac07081a7d1e0ed1eb9e96b4", 0x11e, 0x0, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) [ 565.543740][T17148] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 565.580231][T17148] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:42 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000001e000503ed00c0648c6394f20531d200060008800000009700d0bd00000200"/46, 0x2e}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x0, 0x0) 11:57:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf77c) [ 565.785214][T17162] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 565.794785][T17162] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'. 11:57:42 executing program 5: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480), 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f00000002c0)=ANY=[@ANYBLOB="53e8f7c8502332c6a200"], 0x4) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) preadv(r2, 0x0, 0x0, 0x29) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) connect$inet6(r3, &(0x7f0000000080)={0xa, 0xfffc, 0x0, @remote, 0x6}, 0xfffffffffffffe33) socket(0x0, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast2}}}], 0x28}}], 0x2, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, 0x0) write(0xffffffffffffffff, &(0x7f0000cc2fed)="130000003e0005ffffe3ffbd0000", 0xe) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x400000000040, 0x444040) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r5, 0x0, r5) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r4, &(0x7f0000000640)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e2a3166ec21e03c68a60708328e1606a83211bc78be79097861ce52747ac474593d76f9ec5cdd91725cb16e62b4bb027fbb96eab344de0401076c6345a7d32e9fe9ba1e68ac07081a7d1e0ed1eb9e96b4", 0x11e, 0x0, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) 11:57:42 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000028c0)=[{{0x0, 0x1000001f0, 0x0}}], 0x1, 0x10000, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect(0xffffffffffffffff, &(0x7f0000931ff4)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) syz_extract_tcp_res$synack(&(0x7f0000000180), 0x1, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, &(0x7f00000004c0)) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect(0xffffffffffffffff, &(0x7f0000000380)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'cmac-aes-ce\x00'}, 0x80) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='fuse.', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040002,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="000169beb694f97056f5c22c2ef5a6c9a7e511d48f27e265ca62c6a58226ef7a240ef87e4411ab72644b80ba76d362269c0ae1bd9e99a361f1a0ae5aa78e8c0e32c2dfa8c9f6802f2cb5ed744ce45b9b77846edc38345daa598a35b3217f115c9fc275ecd6dcff0dafa3a1e18ef266cdbb8eabd3fd2219ea5611e90b3a54a9697b6233a065dab79110dae6f6a6fd350633ed"]) socket(0x10, 0x0, 0x0) write$UHID_INPUT2(r4, &(0x7f0000000700)=ANY=[@ANYBLOB="0c000000cd00fb91d06c6299ef00dd870b1a6e98303716a8164dfbb849192af91482325512300c6ccc2eeb216d51345bcc3a916f39f77e0f9b3aff437bd843a11c7e955241d1eb24cc42e933950e266a39c320648cf777e92582c3ce986f27ac6b129380d16c58c6e13cde4187b99f0cf2dbd4dfd5692c8394d7266b86baa4ba86c07071113ebf737351b4c52a4d0ae4f7427adf68dee84969ae627bb486c5172e692a078fd9e410de72b4a819f9887f196e1a82686fe9af41ad4cfbbe12f48f5ae419d0568e81073572ba215319fdd1e4bea6b27b72cbd9eff776df68ee12086d58"], 0xd3) 11:57:42 executing program 1: socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f000059dffc), &(0x7f0000000100)=0x4) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80000) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) add_key$keyring(0x0, &(0x7f00000006c0)={'syz', 0x0}, 0x0, 0x0, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\x10', 0xffffffffffffffff, 0x4c00000000006800}, &(0x7f0000001fee)='R\x10rist\xe3cusgrVid:De', 0x0) r0 = request_key(0x0, &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0) keyctl$negate(0xd, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, 0x0, &(0x7f0000000140)='pkcs7_test\x00', 0x0, r0) 11:57:42 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf97c) 11:57:43 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="3f22b8eb", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={r2}, 0x8) 11:57:43 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:43 executing program 1: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x450d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_targets\x00') perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='+', 0x1}], 0x1}, 0x8800) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000480)="a9772d9bea4824cc3854a62ffb84c4fb114d80fe462fd727b6f682cf0f9ccfe45f46ed18fc8af0505df86b4230370bfacd1f7266fae5859a3608357c69f51cfa473ef19a9dc2aeb43f9ed68acc034cf841229fbbe3f57130fe2ad707c56a92dbe64e59aa78e24db8e9b50597ab0024ca2564fbdb50e7b8cfa5c7028d556977ad6a90adf768a5ac0505ab07f8256368c6e71dd4b5a1c2e3c9946b610ab2b324099beb706b6a510c134ad18c928be3af6cf20e5016c9a050e35e30716e4913c882272bbfc8f0e1ee9c31484af6953e7d967640eff8accacee6daf3f98051a3ee281555a41340273dcb0bd8cc8cd549676f3ec23cbca42d4b76a178376eefb3da036d60cb88b5cb9c0ae0135be1d4f598c564fbe97ad4b691f59ba4063b898482d9cde4497009884d75b1965874e9c4d5a7cf8a640433c02acd340a98eff73e5948611184c7c60da3b233367d58aaf4e407e2e2c506b871fd822ec231389734d23a2aa5dc197831d8fee19361e5b99d0b51e5b1f0cadf296b91aa9477fa72879b4a3a3040777cf778cee1de32619701d71cb5316c7234a910b497b5f1b2cd2a0d39e92b6b92e091b470da2cec0e1b1fd3ce1a15d559b3733b97b2ddb1dd2aa73c9e03f189b8dd48c9093daddcd2c3fd0e1a9d16046d85c8934d2f9094aa5fa7b8ff061cb753dea2637ac2a8d523c9791ae454ea2e8cb10ce4a3ad8937ed583cd653bdb05b965e658f9c5f06a43bb1e61cfa4cb9be2cb4ef264d10f37e5292576bfdc97b2e1f8b692f0b64f76287e67805df914273677a9c39bd1e4f73d3c1afd99ad18a210caee42ab5c87969f6f99d7423dbb72d436ef3a3dead8eda03274d2e8e7f107eb04fdc3e36d6d4022dbc5c2fe388aaa3234950588ef56362708189826b98d3c9ed4dabcb33582a7e55327e82686aac973a5d0292afd7175a9c57b4fc1e5ba7cb0a34e35e50526d40bdb51a224e5b89e74e8752c1b39ab250b178adfab91c73c04d3c012b244cb7745dde4f716203ffcddaa096186ed0403b323c3aaa79aa4a0e6d1231ce99f83788ba0dc86da01cdad25816c26bf8e523b287d7ee83b5d0c55599ddbd202f743a1bc3d107a9c9610dc62537af48eecdd174ee4e796943250b81af0da28c57955aea149010ede13eb973dbe959500afe5e77b32ad5a11a353555b48eb7684596eadc481c291f185d0d47c639fa5bcb2dffe859a9d4a0e184a640e30f0afe83f2096faef9c0129289688a5267e0d2dadadd0f8cb13f35827f0337d2edf6220a244dd8c135563051f6fcd7fdad7879ff3ef01975938bc6e47aee745d4701cfc5e5546f05903bbcde0120ad847c32658c1384a6d8f188544df337a25f806051a346fb980a4e84fee06b0d367bc81161e96072b2e7e47999ac93437749d11864fa4c03a2d333135660aa17bd421623e6654eeae956e51a0157cb876db3e9cb324641d132cda7aabd9dcaa51f090c1955d20c2618466a0ea5acbaeac5a46e00b8869ca9a337eb5d9406592a790678a1f0bbe729054abb4810f4fdf50c517d4dd312b2d382412d45b9f60464c107c0735b16ceced73484f37cdcc8b9a4a62bc997bbd1d23b993fc5cfed9a43d2f4d335570e76715b020664bedb0db88816bc97ec37d13d64f604b71fc73f3c38954ae554e45997209afb0ff102dc170986e2d72e4178a7e6131308afa29ba732e251ebdf6254c0589752bfca3bef7fd0fc60ba683c6016b16234216bdcf8975bebafd8ee4606a96c1993d1f096b435fa84279344b914dec8e56566e103592a7ed44c63c8b5c18e01fa873032b1087622f225747339d38fa89e7008695ce0b3d6f505ab7ecdf99182ab7aa264d9108af35b0a373da18a8183f696dc70a8ac88c5663a866e89c7d7dbdf7296d63e5167978b38463ae9f36fe4121229e92cced04e", 0xfdef}], 0x1) 11:57:43 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:43 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:43 executing program 5: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', 0x0, 0x0, 0x1) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') msync(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @empty, 0xfff}}, {{0xa, 0x4e24, 0x0, @empty, 0x9}}}, 0x108) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, 0x0) fsetxattr(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="6f73322a0063ab05a0d5dfe9135f9ab5725e70c790363cf237141d1c8d0435fb65186473f6ada60b9a6fbf98e8035a378a1e6addc457910d279985e7b624ac09349f3c86d23272210759492acebec1c84bdc10ea6dec5de13979cac0787025ef38fb4693a5883d2537486c"], 0x0, 0x0, 0x1) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) creat(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xc9}, 0x0, 0x0, 0x52}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) r1 = open(0x0, 0x141042, 0x0) r2 = open(0x0, 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, r2, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, r1, 0x0) removexattr(&(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) 11:57:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xfb7c) 11:57:43 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xfd7c) 11:57:43 executing program 1: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x450d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_targets\x00') perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='+', 0x1}], 0x1}, 0x8800) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000480)="a9772d9bea4824cc3854a62ffb84c4fb114d80fe462fd727b6f682cf0f9ccfe45f46ed18fc8af0505df86b4230370bfacd1f7266fae5859a3608357c69f51cfa473ef19a9dc2aeb43f9ed68acc034cf841229fbbe3f57130fe2ad707c56a92dbe64e59aa78e24db8e9b50597ab0024ca2564fbdb50e7b8cfa5c7028d556977ad6a90adf768a5ac0505ab07f8256368c6e71dd4b5a1c2e3c9946b610ab2b324099beb706b6a510c134ad18c928be3af6cf20e5016c9a050e35e30716e4913c882272bbfc8f0e1ee9c31484af6953e7d967640eff8accacee6daf3f98051a3ee281555a41340273dcb0bd8cc8cd549676f3ec23cbca42d4b76a178376eefb3da036d60cb88b5cb9c0ae0135be1d4f598c564fbe97ad4b691f59ba4063b898482d9cde4497009884d75b1965874e9c4d5a7cf8a640433c02acd340a98eff73e5948611184c7c60da3b233367d58aaf4e407e2e2c506b871fd822ec231389734d23a2aa5dc197831d8fee19361e5b99d0b51e5b1f0cadf296b91aa9477fa72879b4a3a3040777cf778cee1de32619701d71cb5316c7234a910b497b5f1b2cd2a0d39e92b6b92e091b470da2cec0e1b1fd3ce1a15d559b3733b97b2ddb1dd2aa73c9e03f189b8dd48c9093daddcd2c3fd0e1a9d16046d85c8934d2f9094aa5fa7b8ff061cb753dea2637ac2a8d523c9791ae454ea2e8cb10ce4a3ad8937ed583cd653bdb05b965e658f9c5f06a43bb1e61cfa4cb9be2cb4ef264d10f37e5292576bfdc97b2e1f8b692f0b64f76287e67805df914273677a9c39bd1e4f73d3c1afd99ad18a210caee42ab5c87969f6f99d7423dbb72d436ef3a3dead8eda03274d2e8e7f107eb04fdc3e36d6d4022dbc5c2fe388aaa3234950588ef56362708189826b98d3c9ed4dabcb33582a7e55327e82686aac973a5d0292afd7175a9c57b4fc1e5ba7cb0a34e35e50526d40bdb51a224e5b89e74e8752c1b39ab250b178adfab91c73c04d3c012b244cb7745dde4f716203ffcddaa096186ed0403b323c3aaa79aa4a0e6d1231ce99f83788ba0dc86da01cdad25816c26bf8e523b287d7ee83b5d0c55599ddbd202f743a1bc3d107a9c9610dc62537af48eecdd174ee4e796943250b81af0da28c57955aea149010ede13eb973dbe959500afe5e77b32ad5a11a353555b48eb7684596eadc481c291f185d0d47c639fa5bcb2dffe859a9d4a0e184a640e30f0afe83f2096faef9c0129289688a5267e0d2dadadd0f8cb13f35827f0337d2edf6220a244dd8c135563051f6fcd7fdad7879ff3ef01975938bc6e47aee745d4701cfc5e5546f05903bbcde0120ad847c32658c1384a6d8f188544df337a25f806051a346fb980a4e84fee06b0d367bc81161e96072b2e7e47999ac93437749d11864fa4c03a2d333135660aa17bd421623e6654eeae956e51a0157cb876db3e9cb324641d132cda7aabd9dcaa51f090c1955d20c2618466a0ea5acbaeac5a46e00b8869ca9a337eb5d9406592a790678a1f0bbe729054abb4810f4fdf50c517d4dd312b2d382412d45b9f60464c107c0735b16ceced73484f37cdcc8b9a4a62bc997bbd1d23b993fc5cfed9a43d2f4d335570e76715b020664bedb0db88816bc97ec37d13d64f604b71fc73f3c38954ae554e45997209afb0ff102dc170986e2d72e4178a7e6131308afa29ba732e251ebdf6254c0589752bfca3bef7fd0fc60ba683c6016b16234216bdcf8975bebafd8ee4606a96c1993d1f096b435fa84279344b914dec8e56566e103592a7ed44c63c8b5c18e01fa873032b1087622f225747339d38fa89e7008695ce0b3d6f505ab7ecdf99182ab7aa264d9108af35b0a373da18a8183f696dc70a8ac88c5663a866e89c7d7dbdf7296d63e5167978b38463ae9f36fe4121229e92cced04e", 0xfdef}], 0x1) [ 566.981600][ T25] audit: type=1804 audit(1574251063.799:76): pid=17230 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir749733744/syzkaller.DTmeim/347/file0" dev="sda1" ino=16662 res=1 11:57:44 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:44 executing program 5: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', 0x0, 0x0, 0x1) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') msync(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @empty, 0xfff}}, {{0xa, 0x4e24, 0x0, @empty, 0x9}}}, 0x108) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, 0x0) fsetxattr(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="6f73322a0063ab05a0d5dfe9135f9ab5725e70c790363cf237141d1c8d0435fb65186473f6ada60b9a6fbf98e8035a378a1e6addc457910d279985e7b624ac09349f3c86d23272210759492acebec1c84bdc10ea6dec5de13979cac0787025ef38fb4693a5883d2537486c"], 0x0, 0x0, 0x1) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) creat(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xc9}, 0x0, 0x0, 0x52}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) r1 = open(0x0, 0x141042, 0x0) r2 = open(0x0, 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, r2, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, r1, 0x0) removexattr(&(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) 11:57:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xff7c) 11:57:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r3) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r3, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:44 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:44 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:44 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, @in=@loopback}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) 11:57:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x40000) 11:57:44 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r0 = socket(0x4000000000010, 0x1000000000080002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x42, 0x0) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80000) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={@ipv4={[], [], @local}, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @ipv4={[], [], @multicast1}, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, r1}) socket$inet(0x10, 0x3, 0x0) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags}) 11:57:44 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:44 executing program 1: mknod(&(0x7f0000000180)='./file1\x00', 0x88070, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000003c0)='./file1\x00', 0x0, 0x0) r0 = getpgrp(0x0) process_vm_writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/2, 0x2}], 0x1, &(0x7f0000000480)=[{&(0x7f0000000240)=""/198, 0xc6}], 0x1, 0x0) 11:57:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xc0000) 11:57:45 executing program 5: r0 = socket(0x10, 0x803, 0x0) process_vm_writev(0x0, 0x0, 0x5, &(0x7f0000000780)=[{&(0x7f00000028c0)=""/224, 0xe0}], 0x1, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000d00)=""/226, 0xe2}], 0x1, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/251, 0xfb}], 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001fc0)={0x20c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x48, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_BEARER={0x110, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'caif0\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @rand_addr="a6e53038e701b5ba95e0921902d32fc5"}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_MEDIA={0x38, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_BEARER={0x10, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x20c}}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) 11:57:45 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x88) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x7}, 0x1001}, 0x0, 0x0, 0xffffffffffffffff, 0xbd837be91bb220f4) r2 = memfd_create(&(0x7f0000000140)='lotrusted\x1a\x00', 0x0) r3 = syz_open_dev$sndseq(&(0x7f00000003c0)='/dev/snd/seq\x00', 0x0, 0x1) r4 = dup2(r3, r2) write(0xffffffffffffffff, &(0x7f0000000500)="223d160a955b5cf6000000f689f1ca7d6db4599a7d2bb1688bed010000000000020022a4f8a86fa5c3a9e962e46974e26532e96f4647c9046c9abd662d03c3b26ceb74cec27745cb8a6ff6b6eca1a31233ab934a38d3bede799ea01384012f76bcd11a11e009b6e915f298023afa0f69f860be23d89450822fd01bf8a0d7401be94284b34ec2ea4b5a975b2293f77113186274ded23e93383dea7c2e5cdb5a680d4a72b29937fc615e22f7357b0d7f57b00f2951efc679ab1875d9e6ae5948c1a7b4c945e845ba137ac394b0982f3a05de55aaf59be011f000000000000000", 0xdf) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) pipe(0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 11:57:45 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:45 executing program 4: r0 = socket(0x1e, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xfffff) 11:57:45 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000d00)={'syz1\x00', {}, 0x41, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 11:57:45 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 568.912760][T17354] input: syz1 as /devices/virtual/input/input7 11:57:45 executing program 4: r0 = socket(0x1e, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:45 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:45 executing program 1: r0 = open(&(0x7f00000003c0)='./bus\x00', 0x40, 0x0) open_by_handle_at(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a000000010000001d09"], 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) ioctl$TCSETA(r1, 0x5409, 0x0) write$FUSE_BMAP(r1, &(0x7f0000000140)={0x18, 0x0, 0x0, {0x718}}, 0x18) 11:57:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x100000) 11:57:46 executing program 4: r0 = socket(0x1e, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) [ 569.338617][ T25] audit: type=1804 audit(1574251066.159:77): pid=17382 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/" dev="sda1" ino=2333 res=1 [ 569.394550][ T25] audit: type=1804 audit(1574251066.179:78): pid=17386 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/" dev="sda1" ino=2333 res=1 [ 569.413596][ C1] net_ratelimit: 26 callbacks suppressed [ 569.413604][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 569.413677][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 569.413712][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 569.413729][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:46 executing program 4: listen(0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) [ 569.413778][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 569.413801][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 569.413858][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 569.413879][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 569.413911][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 569.413960][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x88) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x7}, 0x1001}, 0x0, 0x0, 0xffffffffffffffff, 0xbd837be91bb220f4) r2 = memfd_create(&(0x7f0000000140)='lotrusted\x1a\x00', 0x0) r3 = syz_open_dev$sndseq(&(0x7f00000003c0)='/dev/snd/seq\x00', 0x0, 0x1) r4 = dup2(r3, r2) write(0xffffffffffffffff, &(0x7f0000000500)="223d160a955b5cf6000000f689f1ca7d6db4599a7d2bb1688bed010000000000020022a4f8a86fa5c3a9e962e46974e26532e96f4647c9046c9abd662d03c3b26ceb74cec27745cb8a6ff6b6eca1a31233ab934a38d3bede799ea01384012f76bcd11a11e009b6e915f298023afa0f69f860be23d89450822fd01bf8a0d7401be94284b34ec2ea4b5a975b2293f77113186274ded23e93383dea7c2e5cdb5a680d4a72b29937fc615e22f7357b0d7f57b00f2951efc679ab1875d9e6ae5948c1a7b4c945e845ba137ac394b0982f3a05de55aaf59be011f000000000000000", 0xdf) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) pipe(0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 11:57:46 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:46 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x41, 0x0) write$P9_RSETATTR(r2, &(0x7f0000000180)={0x7}, 0x7) 11:57:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x231860) 11:57:46 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:46 executing program 4: listen(0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x88) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x7}, 0x1001}, 0x0, 0x0, 0xffffffffffffffff, 0xbd837be91bb220f4) r2 = memfd_create(&(0x7f0000000140)='lotrusted\x1a\x00', 0x0) r3 = syz_open_dev$sndseq(&(0x7f00000003c0)='/dev/snd/seq\x00', 0x0, 0x1) r4 = dup2(r3, r2) write(0xffffffffffffffff, &(0x7f0000000500)="223d160a955b5cf6000000f689f1ca7d6db4599a7d2bb1688bed010000000000020022a4f8a86fa5c3a9e962e46974e26532e96f4647c9046c9abd662d03c3b26ceb74cec27745cb8a6ff6b6eca1a31233ab934a38d3bede799ea01384012f76bcd11a11e009b6e915f298023afa0f69f860be23d89450822fd01bf8a0d7401be94284b34ec2ea4b5a975b2293f77113186274ded23e93383dea7c2e5cdb5a680d4a72b29937fc615e22f7357b0d7f57b00f2951efc679ab1875d9e6ae5948c1a7b4c945e845ba137ac394b0982f3a05de55aaf59be011f000000000000000", 0xdf) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) pipe(0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 11:57:46 executing program 4: listen(0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:46 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x80ffff) 11:57:47 executing program 4: r0 = socket(0x0, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1000000) 11:57:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x1c, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [""]}, 0x1c}}, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:57:47 executing program 4: r0 = socket(0x0, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:47 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:47 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:47 executing program 4: r0 = socket(0x0, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1000080) 11:57:47 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) creat(0x0, 0x0) r0 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x2000402) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{0x0, 0x0, &(0x7f0000002e80)=[{&(0x7f0000002cc0)=""/6, 0x6}], 0x1}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x820c}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x100000000000000) 11:57:47 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:47 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000100)={0x1f, 0x4, {}, 0x9}, 0xe) 11:57:47 executing program 4: r0 = socket(0x1e, 0x0, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x17d0000) 11:57:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:48 executing program 4: r0 = socket(0x1e, 0x0, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:48 executing program 5: ioctl(0xffffffffffffffff, 0x1000008912, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, 0x0) r0 = creat(0x0, 0x0) r1 = open(0x0, 0x400, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000100)) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000180)={'security\x00'}, &(0x7f0000000000)=0x54) write(r3, &(0x7f00000001c0), 0xfffffef3) lseek(0xffffffffffffffff, 0x0, 0x0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) ioctl$TCSBRKP(r1, 0x5425, 0x7f) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000140)=0x4a, 0x0) read(r2, &(0x7f0000000200)=""/250, 0x50c7e3e3) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setns(r3, 0x0) mount(&(0x7f0000000ac0)=ANY=[], 0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x2) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d2, 0x33}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x1}}, 0xe8) r5 = socket$inet(0x10, 0x3, 0xc) sendmsg(0xffffffffffffffff, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="24000000010307031dfffd946ff20c0020200a0009000300021d8568021baba2", 0x20}], 0x1}, 0x0) dup(r5) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0) 11:57:48 executing program 1: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000000c0)=0x1000006) keyctl$invalidate(0x15, 0x0) open(0x0, 0x0, 0x0) open(0x0, 0x141042, 0x0) 11:57:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1cd7fd0) 11:57:48 executing program 4: r0 = socket(0x1e, 0x0, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:48 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:48 executing program 1: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3, 0x1c) pipe(0x0) 11:57:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:48 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x2000000) 11:57:49 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:49 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:49 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000d00)={'syz1\x00'}, 0x45c) 11:57:49 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:49 executing program 5: ioctl(0xffffffffffffffff, 0x1000008912, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, 0x0) r0 = creat(0x0, 0x0) r1 = open(0x0, 0x400, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000100)) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000180)={'security\x00'}, &(0x7f0000000000)=0x54) write(r3, &(0x7f00000001c0), 0xfffffef3) lseek(0xffffffffffffffff, 0x0, 0x0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) ioctl$TCSBRKP(r1, 0x5425, 0x7f) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000140)=0x4a, 0x0) read(r2, &(0x7f0000000200)=""/250, 0x50c7e3e3) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setns(r3, 0x0) mount(&(0x7f0000000ac0)=ANY=[], 0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x2) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d2, 0x33}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x1}}, 0xe8) r5 = socket$inet(0x10, 0x3, 0xc) sendmsg(0xffffffffffffffff, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="24000000010307031dfffd946ff20c0020200a0009000300021d8568021baba2", 0x20}], 0x1}, 0x0) dup(r5) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0) 11:57:49 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:49 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x3000000) 11:57:49 executing program 1: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') msync(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) pipe2(&(0x7f0000000000), 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000000c0)) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) keyctl$setperm(0x5, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) removexattr(&(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) 11:57:49 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x37d0000) 11:57:49 executing program 1: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') msync(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) pipe2(&(0x7f0000000000), 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000000c0)) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) keyctl$setperm(0x5, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) removexattr(&(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) 11:57:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r2, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r3, 0x0) 11:57:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x4000000) 11:57:50 executing program 5: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d00800002800ffcd3be9680000f87eff14421567", @ANYRES32], 0x2}}, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000000)={@mcast2}, 0x14) close(r2) socket$inet(0x10, 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 11:57:50 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000380)='/dev/null\x00', 0x40400, 0x0) ioctl$NS_GET_USERNS(r2, 0xb701, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = syz_open_procfs(0x0, &(0x7f0000000400)='net/udp6\x00') r4 = socket$inet6(0xa, 0x2, 0x0) sendfile(r4, r3, &(0x7f0000000080)=0x4200000000000f0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000180)=""/130, &(0x7f00000000c0)=0x82) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r6, 0x0, 0x2a, &(0x7f0000000280)={0x40000000000002, {{0x2, 0x0, @multicast2}}}, 0x88) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000100)={'syz_tun\x00'}) r7 = syz_open_procfs(0x0, &(0x7f0000000400)='net/udp6\x00') r8 = socket$inet6(0xa, 0x2, 0x0) sendfile(r8, r7, &(0x7f0000000080)=0x4200000000000f0, 0x0) ioctl$RTC_RD_TIME(r7, 0x80247009, &(0x7f00000003c0)) 11:57:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r2, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r3, 0x0) 11:57:50 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x5000000) [ 573.698734][T17670] netlink: 2220 bytes leftover after parsing attributes in process `syz-executor.5'. 11:57:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r2, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r3, 0x0) 11:57:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x57d0000) 11:57:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:50 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000000100)=0x7f, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffffefffc, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 11:57:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x6000000) 11:57:51 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) 11:57:51 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="6653a8990785363940aed12f0000000000000022f1f169a4000000000000009f1f8175442cf91022fe50377a22cbccb0353cffd7a7c0c92465e5f9cc2d3fbf9d22168078aba9d7ae45", 0x49}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x30) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 574.638258][T17734] ptrace attach of "/root/syz-executor.5"[17733] was attempted by "/root/syz-executor.5"[17734] 11:57:51 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:51 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x3, 0x7) getsockopt$IP_VS_SO_GET_INFO(r3, 0x0, 0x481, 0x0, &(0x7f0000000080)) 11:57:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x7000000) 11:57:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, &(0x7f0000000080)={0xffffffc1, 0x90}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x2, 0x1000, 0x29, &(0x7f0000000140)="911f77c572e87a09be863a3e4534c5c2d425a3182e1253f31262f40502485974bbb9dd0314a8ebd3af", 0x0, 0x0, 0x0}) modify_ldt$write2(0x11, 0x0, 0x0) 11:57:51 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f0000000400)=""/177, &(0x7f0000000300)=0xb1) 11:57:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x8000000) 11:57:51 executing program 1: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', 0x0, 0x0, 0x1) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) keyctl$setperm(0x5, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x0, 0x0, 0x52}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) removexattr(&(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="7573657144000000000000802f74656400"]) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) 11:57:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x9000000) [ 575.387943][T17791] cgroup: fork rejected by pids controller in /syz3 [ 575.648155][ C1] net_ratelimit: 26 callbacks suppressed [ 575.648165][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 575.659630][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 575.665380][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 575.671130][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 575.676901][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 575.682669][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 575.688441][ C1] protocol 88fb is buggy, dev hsr_slave_0 11:57:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, &(0x7f0000000080)={0xffffffc1, 0x90}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x2, 0x1000, 0x29, &(0x7f0000000140)="911f77c572e87a09be863a3e4534c5c2d425a3182e1253f31262f40502485974bbb9dd0314a8ebd3af", 0x0, 0x0, 0x0}) modify_ldt$write2(0x11, 0x0, 0x0) 11:57:52 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:52 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) [ 575.694177][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 575.699972][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 575.705717][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:52 executing program 1: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', 0x0, 0x0, 0x1) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) keyctl$setperm(0x5, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x0, 0x0, 0x52}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) removexattr(&(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="7573657144000000000000802f74656400"]) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) 11:57:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xa000000) 11:57:52 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xb000000) 11:57:53 executing program 1: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', 0x0, 0x0, 0x1) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) keyctl$setperm(0x5, 0x0, 0x0) keyctl$invalidate(0x15, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x0, 0x0, 0x52}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) removexattr(&(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="7573657144000000000000802f74656400"]) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) 11:57:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0xffffffffffffffcd, &(0x7f0000000340)={&(0x7f0000000300)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) 11:57:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xc000000) [ 576.642417][T17859] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 11:57:53 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:53 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) [ 576.685578][T17859] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 11:57:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:53 executing program 1: 11:57:54 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:54 executing program 1: 11:57:54 executing program 1: 11:57:54 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xb) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000080)={r4}, 0x8) 11:57:54 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:54 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) [ 578.145315][T17864] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.152533][T17864] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.470448][T17859] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 579.479215][T17859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 579.499944][T17859] 8021q: adding VLAN 0 to HW filter on device team0 11:57:57 executing program 5: socket$netlink(0x10, 0x3, 0x7) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, 0x0) sched_getscheduler(0x0) socket(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(0x0, 0x0, 0x111) syz_genetlink_get_family_id$tipc(0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') gettid() 11:57:57 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:57 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:57:57 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, 0x0, 0x0) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xd000000) 11:57:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c035950000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f0697c18d72d5d68b8bbaa100ed", 0xffffffffffffff2c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x2000000000000005, 0x0, 0x3, 0xca4, 0x0, 0x0, 0x800]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) pselect6(0x40, &(0x7f0000000080)={0x0, 0xc719, 0x800, 0x0, 0x90, 0x0, 0x3da}, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:57:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xe000000) [ 580.615681][T18343] fuse: Bad value for 'fd' 11:57:57 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) [ 580.749346][T18449] fuse: Bad value for 'fd' 11:57:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0xf000000) 11:57:57 executing program 5: 11:57:58 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, 0x0, 0x0) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:58 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:58 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x10000000) [ 581.898276][ C1] net_ratelimit: 26 callbacks suppressed [ 581.898285][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 581.909714][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 581.915462][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 581.921214][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 581.926978][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 581.932764][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 581.938550][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 581.944282][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:57:58 executing program 1: 11:57:59 executing program 1: 11:57:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x11000000) 11:57:59 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:59 executing program 1: 11:57:59 executing program 1: 11:57:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x12000000) 11:57:59 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r0 = socket(0x4000000000010, 0x1000000000080002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x42, 0x0) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80000) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={@ipv4={[], [], @local}, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @ipv4={[], [], @multicast1}, 0x0, 0x280, 0x0, 0x0, 0x0, 0x0, r1}) socket$inet(0x10, 0x3, 0x0) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags}) [ 582.688159][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 582.693958][ C0] protocol 88fb is buggy, dev hsr_slave_1 11:57:59 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, 0x0, 0x0) recvfrom(r0, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:57:59 executing program 1: 11:57:59 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:57:59 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:57:59 executing program 5: 11:57:59 executing program 1: 11:57:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x13000000) 11:58:00 executing program 1: 11:58:00 executing program 3: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 583.378802][ T7819] device bridge_slave_1 left promiscuous mode [ 583.399093][ T7819] bridge0: port 2(bridge_slave_1) entered disabled state 11:58:00 executing program 1: [ 583.481437][ T7819] device bridge_slave_0 left promiscuous mode [ 583.489930][ T7819] bridge0: port 1(bridge_slave_0) entered disabled state 11:58:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x14000000) [ 583.608415][ T7819] device hsr_slave_0 left promiscuous mode [ 583.638269][ T7819] device hsr_slave_1 left promiscuous mode [ 583.677295][ T7819] team0 (unregistering): Port device team_slave_1 removed 11:58:00 executing program 1: [ 583.735710][ T7819] team0 (unregistering): Port device team_slave_0 removed 11:58:00 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:58:00 executing program 3: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) [ 583.797131][ T7819] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface 11:58:00 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 583.912040][ T7819] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface 11:58:00 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) [ 584.055333][ T7819] bond0 (unregistering): Released all slaves [ 585.705039][T19188] IPVS: ftp: loaded support on port[0] = 21 [ 585.753019][T19188] chnl_net:caif_netlink_parms(): no params data found [ 585.777309][T19188] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.784656][T19188] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.792775][T19188] device bridge_slave_0 entered promiscuous mode [ 585.800623][T19188] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.807947][T19188] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.816021][T19188] device bridge_slave_1 entered promiscuous mode [ 585.833165][T19188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 585.843830][T19188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 585.861915][T19188] team0: Port device team_slave_0 added [ 585.868686][T19188] team0: Port device team_slave_1 added [ 585.930518][T19188] device hsr_slave_0 entered promiscuous mode [ 585.968494][T19188] device hsr_slave_1 entered promiscuous mode [ 586.008226][T19188] debugfs: Directory 'hsr0' with parent '/' already present! [ 586.022102][T19188] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.029538][T19188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.037032][T19188] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.044629][T19188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 586.073896][T19188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 586.085514][ T2934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 586.094068][ T2934] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.102168][ T2934] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.112172][ T2934] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 586.124051][T19188] 8021q: adding VLAN 0 to HW filter on device team0 [ 586.135840][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 586.145056][ T2849] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.152301][ T2849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 586.170598][ T7702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 586.179509][ T7702] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.186574][ T7702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.195931][ T7702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 586.205088][ T7702] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 586.216044][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 586.230078][T19188] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 586.241187][T19188] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 586.253490][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 586.269127][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 586.277709][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 586.293963][T19188] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 586.302115][ T2934] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 586.310992][ T2934] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 11:58:03 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2, @loopback}, 0xc) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast2}}}, 0x90) 11:58:03 executing program 1: 11:58:03 executing program 3: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:03 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/121, 0x79, 0x0, 0x0, 0x0) 11:58:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x15000000) 11:58:03 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:03 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, 0x0, 0x0) ftruncate(r2, 0x200004) sendfile(r0, r2, 0x0, 0x80001d00c0d0) r3 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TIOCSETD(r3, 0x5423, 0x0) write$P9_RSYMLINK(0xffffffffffffffff, 0x0, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000040)={0x7c, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}) 11:58:03 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 11:58:03 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000001c0)={0x0, 0x2}) r1 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000001c0)={0x0, 0x2}) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0) r2 = socket(0x0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, 0x0, &(0x7f0000000400)) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 11:58:03 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 11:58:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x16000000) 11:58:03 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x7e392ee7d4c31ed9) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000140)='proc\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="6653a8990785363940aed12f0000000000000022f1f169a4000000000000009f1f8175442cf91022fe50377a22cbccb0353cffd7a7c0c92465e5f9cc2d3fbf9d22168078aba9d7ae45b0051a1221af2772a956", 0xa8}], 0x3, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x30) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x9, r1, 0x0, 0x0) 11:58:03 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:03 executing program 4: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 587.079003][T19347] ptrace attach of "/root/syz-executor.1"[19344] was attempted by "/root/syz-executor.1"[19347] 11:58:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x17000000) 11:58:04 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:04 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x18000000) 11:58:04 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 588.128147][ C1] net_ratelimit: 28 callbacks suppressed [ 588.128157][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 588.140793][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 588.146913][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 588.153337][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 588.159354][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 588.165193][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 588.170993][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 588.176741][ C1] protocol 88fb is buggy, dev hsr_slave_1 11:58:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x19000000) 11:58:05 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:05 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) [ 588.768132][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 588.774505][ C0] protocol 88fb is buggy, dev hsr_slave_1 11:58:05 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1a000000) 11:58:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1b000000) 11:58:06 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:06 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1c000000) 11:58:06 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1d000000) 11:58:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:07 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1e000000) 11:58:07 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:07 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:07 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x1f000000) 11:58:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x21000000) 11:58:07 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x26000000) 11:58:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:58:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:08 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x2e000000) 11:58:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:58:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x36000000) 11:58:09 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r4, 0x0) 11:58:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:09 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x38000000) 11:58:09 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x3e000000) 11:58:09 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r4) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000340)={0x4, 0xc829}) write$cgroup_type(r5, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r4, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 11:58:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000c00)=ANY=[@ANYBLOB="23024089d3e995ffcf5a9abfbe726ff1a83dd858d2540c7e90d409ad18d9903b6e9f171b9593753c1c867bc78c205d9b750d3dc284a1e10cd0109e7a3731d57d999c70c9787b744edc5bef1c14f46d94ba60e841f95ef82bfbbb2ec794f96ea6ac69cdb9f22a612b674217a52b411cf3c9133f7651da5ca733de3cd55771b24c32f7c4625751083a544e2ed52767eee23606d36001007b3448f7c43758cf9725352da96697fad646eaff8be47e68ced61dccc39405cd27922170b8c56fbd09ab28e1442bc7d5dae35d8fb4fe581991e28907dfbdf591d2cfa31e662c3f58574d78dc25c9714fbfaff6fd705ad79e1df4fd86f8de9df9e18dac61407a1ce67f121042ece8f5ca2a0c7776dcf81c99a0322724231a604839128ce3d297ff4fa129"], 0x120) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x0, 0x0, 0x0, 0x8f4e9f3b60d269bf, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{}, {}]}) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r5, 0x0) 11:58:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, {0x77359400}, {0xc665b8fc7cbbe8d0, 0x0, 0x0, 0x0, 0x0, 0x0, "1cd7e0e2"}, 0x0, 0x0, @fd, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x40000000) [ 593.444607][T20819] ================================================================== [ 593.452794][T20819] BUG: KCSAN: data-race in unix_release_sock / unix_write_space [ 593.460417][T20819] [ 593.462748][T20819] read to 0xffff8880a781b412 of 1 bytes by task 20741 on cpu 1: [ 593.470386][T20819] unix_write_space+0x3d/0x190 [ 593.475155][T20819] sock_wfree+0xd7/0x100 [ 593.479398][T20819] unix_destruct_scm+0xd9/0x100 [ 593.484241][T20819] skb_release_head_state+0xb8/0x180 [ 593.489535][T20819] skb_release_all+0x1f/0x60 [ 593.494127][T20819] kfree_skb+0x98/0x1d0 [ 593.498287][T20819] unix_release_sock+0x2c4/0x5a0 [ 593.503224][T20819] unix_release+0x3e/0x70 [ 593.507555][T20819] __sock_release+0x85/0x160 [ 593.512150][T20819] sock_close+0x24/0x30 [ 593.516301][T20819] __fput+0x1e1/0x520 [ 593.520276][T20819] ____fput+0x1f/0x30 [ 593.524259][T20819] task_work_run+0xf6/0x130 [ 593.528767][T20819] exit_to_usermode_loop+0x2b4/0x2c0 [ 593.534056][T20819] do_syscall_64+0x353/0x370 [ 593.538644][T20819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 593.544516][T20819] [ 593.546836][T20819] write to 0xffff8880a781b412 of 1 bytes by task 20819 on cpu 0: [ 593.554560][T20819] unix_release_sock+0x19f/0x5a0 [ 593.559488][T20819] unix_release+0x3e/0x70 [ 593.563803][T20819] __sock_release+0x85/0x160 [ 593.568384][T20819] sock_close+0x24/0x30 [ 593.572529][T20819] __fput+0x1e1/0x520 [ 593.576499][T20819] ____fput+0x1f/0x30 [ 593.580473][T20819] task_work_run+0xf6/0x130 [ 593.584970][T20819] exit_to_usermode_loop+0x2b4/0x2c0 [ 593.590247][T20819] do_syscall_64+0x353/0x370 [ 593.594827][T20819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 593.601397][T20819] [ 593.603712][T20819] Reported by Kernel Concurrency Sanitizer on: [ 593.609860][T20819] CPU: 0 PID: 20819 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 593.617739][T20819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 593.627792][T20819] ================================================================== [ 593.635841][T20819] Kernel panic - not syncing: panic_on_warn set ... [ 593.642421][T20819] CPU: 0 PID: 20819 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 593.650307][T20819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 593.660483][T20819] Call Trace: [ 593.663778][T20819] dump_stack+0x11d/0x181 [ 593.668118][T20819] panic+0x210/0x640 [ 593.672016][T20819] ? vprintk_func+0x8d/0x140 [ 593.676615][T20819] kcsan_report.cold+0xc/0xd [ 593.681290][T20819] kcsan_setup_watchpoint+0x3fe/0x460 [ 593.686670][T20819] __tsan_unaligned_write1+0xc0/0x100 [ 593.692050][T20819] unix_release_sock+0x19f/0x5a0 [ 593.697001][T20819] unix_release+0x3e/0x70 [ 593.701330][T20819] __sock_release+0x85/0x160 [ 593.705923][T20819] sock_close+0x24/0x30 [ 593.710080][T20819] __fput+0x1e1/0x520 [ 593.714061][T20819] ? __sock_release+0x160/0x160 [ 593.718921][T20819] ____fput+0x1f/0x30 [ 593.722907][T20819] task_work_run+0xf6/0x130 [ 593.727408][T20819] exit_to_usermode_loop+0x2b4/0x2c0 [ 593.732692][T20819] do_syscall_64+0x353/0x370 [ 593.737281][T20819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 593.743161][T20819] RIP: 0033:0x45a639 [ 593.747051][T20819] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 593.766643][T20819] RSP: 002b:00007fe202290c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 593.775047][T20819] RAX: 0000000000035880 RBX: 0000000000000003 RCX: 000000000045a639 [ 593.783008][T20819] RDX: 00000000fffffc61 RSI: 0000000020000080 RDI: 0000000000000005 [ 593.791143][T20819] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 593.799106][T20819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2022916d4 [ 593.807066][T20819] R13: 00000000004cafad R14: 00000000004e3488 R15: 00000000ffffffff [ 593.816474][T20819] Kernel Offset: disabled [ 593.820801][T20819] Rebooting in 86400 seconds..