x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:08 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:08 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x14, 0x7, 0x6, 0x3}, 0x14}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:06:08 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/886], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  526.535339][   T27] audit: type=1804 audit(1589169968.748:101): pid=20351 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/269/cgroup.controllers" dev="sda1" ino=16262 res=1
04:06:10 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:10 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x0)

04:06:10 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb", 0x34}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:10 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/886], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:10 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x14, 0x7, 0x6, 0x3}, 0x14}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:06:10 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:10 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/893], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  528.582912][   T27] audit: type=1804 audit(1589169970.798:102): pid=20365 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/270/cgroup.controllers" dev="sda1" ino=16310 res=1
04:06:10 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x0)

04:06:11 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/893], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:11 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(0xffffffffffffffff, r1, 0x0, 0x100000002)

04:06:11 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/893], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:11 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x1)

[  528.963880][   T27] audit: type=1804 audit(1589169971.179:103): pid=20386 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/271/cgroup.controllers" dev="sda1" ino=16251 res=1
04:06:11 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(0xffffffffffffffff, r1, 0x0, 0x100000002)

04:06:11 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004fe"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  529.532806][   T27] audit: type=1804 audit(1589169971.749:104): pid=20406 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/272/cgroup.controllers" dev="sda1" ino=16258 res=1
04:06:13 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb", 0x34}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:13 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:13 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:13 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:13 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004fe"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:13 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(0xffffffffffffffff, r1, 0x0, 0x100000002)

[  531.658552][   T27] audit: type=1804 audit(1589169973.879:105): pid=20420 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/273/cgroup.controllers" dev="sda1" ino=16278 res=1
04:06:13 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004fe"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:14 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000002)

04:06:14 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:14 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:14 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  532.009328][   T27] audit: type=1804 audit(1589169974.229:106): pid=20438 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/274/cgroup.controllers" dev="sda1" ino=16381 res=1
04:06:14 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:16 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb", 0x34}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:16 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000002)

04:06:16 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:16 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:16 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:06:16 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:17 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  534.794713][   T27] audit: type=1804 audit(1589169977.010:107): pid=20475 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/275/cgroup.controllers" dev="sda1" ino=16241 res=1
04:06:17 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000002)

[  534.902150][   T27] audit: type=1804 audit(1589169977.110:108): pid=20476 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir284842994/syzkaller.7L1fyU/328/cgroup.controllers" dev="sda1" ino=16258 res=1
04:06:17 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  535.181274][   T27] audit: type=1804 audit(1589169977.400:109): pid=20493 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/276/cgroup.controllers" dev="sda1" ino=16382 res=1
04:06:17 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:06:17 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x0)

04:06:17 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  535.541881][   T27] audit: type=1804 audit(1589169977.760:110): pid=20513 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/277/cgroup.controllers" dev="sda1" ino=16384 res=1
[  535.621145][   T27] audit: type=1804 audit(1589169977.840:111): pid=20511 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir284842994/syzkaller.7L1fyU/329/cgroup.controllers" dev="sda1" ino=16310 res=1
04:06:19 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:19 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1", 0x3d}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:19 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:19 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x0)

04:06:19 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:19 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  537.901391][   T27] audit: type=1804 audit(1589169980.120:112): pid=20537 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/278/cgroup.controllers" dev="sda1" ino=16243 res=1
04:06:20 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:20 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x0)

04:06:20 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  538.239872][   T27] audit: type=1804 audit(1589169980.460:113): pid=20551 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/279/cgroup.controllers" dev="sda1" ino=16243 res=1
04:06:20 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:20 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:20 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:20 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  540.218713][    T0] NOHZ: local_softirq_pending 08
04:06:23 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:23 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1", 0x3d}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:23 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:23 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:23 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:23 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:23 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:23 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:23 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x0, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:23 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x0, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:23 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:23 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x0, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:23 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x10, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:26 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1", 0x3d}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:26 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:26 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x10, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:26 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:26 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:26 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:26 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x10, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:26 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:26 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, 0xffffffffffffffff, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:26 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, 0xffffffffffffffff, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:26 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x0)

04:06:26 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, 0xffffffffffffffff, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  544.603372][   T27] audit: type=1804 audit(1589169986.821:114): pid=20715 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/287/cgroup.controllers" dev="sda1" ino=16383 res=1
04:06:29 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce868250", 0x41}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:29 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:29 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x0, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:29 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:29 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:29 executing program 1:
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:29 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x0, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:29 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x0, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:29 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
dup(0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:29 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, 0x0, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:29 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, 0x0, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:29 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, 0x0, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:32 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce868250", 0x41}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:32 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:32 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:32 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:32 executing program 1:
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:32 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:32 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:32 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:32 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, 0x0)

04:06:32 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:32 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, 0x0)

04:06:32 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, 0x0)

[  551.737328][    T0] NOHZ: local_softirq_pending 08
04:06:35 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce868250", 0x41}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:35 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:35 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:35 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:35 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:36 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:36 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:36 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:36 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:38 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fce", 0x43}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:38 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:38 executing program 2:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)=0x8002)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0)

04:06:38 executing program 3:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)=0x8002)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x44000, 0x0)

04:06:38 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:38 executing program 3:
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r1, 0x40096100, 0x0)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x40096100, 0x0)
syz_open_procfs(0x0, 0x0)

04:06:38 executing program 2:
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x40096100, 0x0)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r3, 0x40096100, 0x0)
syz_open_procfs(0x0, 0x0)

04:06:38 executing program 3:
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x40096100, 0x0)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r3, 0x40096100, 0x0)
syz_open_procfs(0x0, 0x0)

[  556.564034][T20977] QAT: failed to copy from user cfg_data.
[  556.589582][T20978] QAT: failed to copy from user cfg_data.
04:06:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:38 executing program 2:
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x40096100, 0x0)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r3, 0x40096100, 0x0)
syz_open_procfs(0x0, 0x0)

[  556.616317][T20982] QAT: failed to copy from user cfg_data.
[  556.643543][T20981] QAT: failed to copy from user cfg_data.
[  556.720096][T20986] QAT: failed to copy from user cfg_data.
[  556.737358][T20988] QAT: failed to copy from user cfg_data.
[  556.776826][T20990] QAT: failed to copy from user cfg_data.
[  556.799917][T20990] QAT: failed to copy from user cfg_data.
04:06:41 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fce", 0x43}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:41 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="03070006000000fdff00170000000400"], 0x18}}, 0x0)

04:06:41 executing program 2:
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x40096100, 0x0)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r3, 0x40096100, 0x0)
syz_open_procfs(0x0, 0x0)

04:06:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:41 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:41 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:41 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:41 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="03070006000000fdff0017000000"], 0x18}}, 0x0)

04:06:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  559.724620][T21042] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
04:06:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:42 executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x4000000090b, 0x2001)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0xa1, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  559.972147][T21056] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  560.009757][T21056] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
04:06:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  561.333435][    T0] NOHZ: local_softirq_pending 08
04:06:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:44 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB], 0x18}}, 0x0)

04:06:44 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fce", 0x43}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:44 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:44 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:44 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB], 0x18}}, 0x0)

04:06:44 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="03070006000000fdff001700000004000180"], 0x18}}, 0x0)

04:06:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:44 executing program 3:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="03070006000000fdff001700000004000180"], 0x18}}, 0x0)

04:06:45 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="03070006000000fdff001700000004000180"], 0x18}}, 0x0)

04:06:45 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:45 executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x4000000090b, 0x2001)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup(r1)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0xa1, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

04:06:45 executing program 2:
r0 = socket(0x11, 0x3, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8914, &(0x7f0000000000)={'hsr0\x00'})
shmget(0x2, 0x4000, 0x78000000, &(0x7f0000ffc000/0x4000)=nil)
socket$inet6(0xa, 0x0, 0x84)
syz_open_dev$dmmidi(0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r1, 0x4, 0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000480)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9bfad4301000000000095000000000000000500000000004000950000000000b9e1e603f862b5173583f1d7eb634f76b1cef9eeb7763c14f8f7494a564babf363654191aadbd61d7d0bdc18ebc296e1085dcbdf299b20712872a269cb051b233ea0bdb6a80b4c05f82dfafe5f7ace236861a8e3c9de7b9acd782bea026f25e26ab2430243f2155491072a55d5ff51de093dcf8cffed7409bfd712b24ffed61e78648f791c1abe4604b7e0fea0953f7d8f92037261dbe8791ea01c826928563a5488dfb605d26dbfb74289975594b56e4a9c7163e7bce1672ef356d20d66e7810341fae4aa0116bba4f4d5a77d2f4f9220f79dc917755e66e953800ea5578f97c793baaac7ff56c6678563f482ed32fadccb750786e574fb251bd26941ebdceed7744ac909e29a9562eddc985fee5bb668ca48cbd7488ae353e7feadddbd678963475fdd7786586d4dc05b502922cd6fc3f7346f365a9a51de24c1f97badd02fd1e55f04602a057f7d3d61913355ce6f38de5bb7aa7e13eaf320bdd3229e4517ff4786785553d47a5af429ff29bde9fbb096c03e5b25aff8381641eb9b171f57e1a71c3787fedbfc5d87c06af820185e350e373c705d172505d805330ba81737c63cdc74e3a70d2f88d8e2e759dfae0842e450d99a2bfac2a481ce5bdfb1f06c2386cb30cc591a875bbe442afdd51afecbde83c6a82b18d77b35e872a8b1e9d7c5649b5f24836d72ad3f47990509a45b7ab2ebc3200359c4bfd9100bb0f055bb228036344acd7ef5c20207845e906ac3a9dbcd1ec3b900000000000000db86fb56f7d9e2c826c170afa1eab8f3f0144b96b9edff19dccd41d9bfd5d3d1a9c79cb41027f063b6c3f84829c3fcc74e5eda26d675fcfb4fec948f340d4200"/791], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48)
exit(0x5000000)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000)
perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
accept4$unix(r0, &(0x7f0000000140), &(0x7f0000000080)=0x6e, 0x800)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000200)={{{@in=@remote}}, {{@in6=@private0}, 0x0, @in=@empty}}, &(0x7f00000000c0)=0xe8)
r2 = socket(0x11, 0x3, 0x0)
ioctl$SIOCSIFMTU(r2, 0x8914, &(0x7f00000001c0)={'hsr0\x00', 0x1})

[  563.025816][T21123] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  563.059144][T21123] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
04:06:45 executing program 3 (fault-call:10 fault-nth:0):
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  563.303866][T21132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  563.354120][T21144] FAULT_INJECTION: forcing a failure.
[  563.354120][T21144] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  563.411202][T21144] CPU: 1 PID: 21144 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  563.419883][T21144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  563.429929][T21144] Call Trace:
[  563.433298][T21144]  dump_stack+0x11d/0x187
[  563.437683][T21144]  should_fail.cold+0x5/0xf
[  563.442196][T21144]  __alloc_pages_nodemask+0xcf/0x300
[  563.447480][T21144]  alloc_pages_current+0xca/0x170
[  563.452576][T21144]  pte_alloc_one+0x14/0x50
[  563.456989][T21144]  __handle_mm_fault+0x2d17/0x2da0
[  563.462134][T21144]  handle_mm_fault+0x21c/0x540
[  563.466909][T21144]  do_page_fault+0x48a/0xa96
[  563.471518][T21144]  ? do_syscall_64+0x27f/0x3b0
[  563.476280][T21144]  page_fault+0x34/0x40
[  563.480425][T21144] RIP: 0033:0x476405
[  563.484315][T21144] Code: ff ff 44 89 8d 30 fb ff ff e8 27 f2 fb ff 44 8b 8d 30 fb ff ff 4c 8b 85 28 fb ff ff e9 72 ec ff ff 31 c0 48 83 c9 ff 4c 89 df <f2> ae c7 85 28 fb ff ff 00 00 00 00 48 89 c8 48 f7 d0 4c 8d 50 ff
[  563.503909][T21144] RSP: 002b:00007f756e297410 EFLAGS: 00010286
[  563.509981][T21144] RAX: 0000000000000000 RBX: 00007f756e297970 RCX: ffffffffffffffff
[  563.517945][T21144] RDX: 0000000000000030 RSI: 00007f756e297928 RDI: 0000000020000300
[  563.525911][T21144] RBP: 00007f756e297960 R08: 0000000000000000 R09: 000000000000000b
[  563.533883][T21144] R10: 0000000000000073 R11: 0000000020000300 R12: 00000000004c1781
[  563.541850][T21144] R13: 00007f756e297ae8 R14: 00000000004c178c R15: 0000000000000000
04:06:47 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:47 executing program 3 (fault-call:10 fault-nth:1):
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:47 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd", 0x44}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:47 executing program 2:
r0 = socket(0x11, 0x3, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8914, &(0x7f0000000000)={'hsr0\x00'})
shmget(0x2, 0x4000, 0x78000000, &(0x7f0000ffc000/0x4000)=nil)
socket$inet6(0xa, 0x0, 0x84)
syz_open_dev$dmmidi(0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r1, 0x4, 0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000480)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9bfad4301000000000095000000000000000500000000004000950000000000b9e1e603f862b5173583f1d7eb634f76b1cef9eeb7763c14f8f7494a564babf363654191aadbd61d7d0bdc18ebc296e1085dcbdf299b20712872a269cb051b233ea0bdb6a80b4c05f82dfafe5f7ace236861a8e3c9de7b9acd782bea026f25e26ab2430243f2155491072a55d5ff51de093dcf8cffed7409bfd712b24ffed61e78648f791c1abe4604b7e0fea0953f7d8f92037261dbe8791ea01c826928563a5488dfb605d26dbfb74289975594b56e4a9c7163e7bce1672ef356d20d66e7810341fae4aa0116bba4f4d5a77d2f4f9220f79dc917755e66e953800ea5578f97c793baaac7ff56c6678563f482ed32fadccb750786e574fb251bd26941ebdceed7744ac909e29a9562eddc985fee5bb668ca48cbd7488ae353e7feadddbd678963475fdd7786586d4dc05b502922cd6fc3f7346f365a9a51de24c1f97badd02fd1e55f04602a057f7d3d61913355ce6f38de5bb7aa7e13eaf320bdd3229e4517ff4786785553d47a5af429ff29bde9fbb096c03e5b25aff8381641eb9b171f57e1a71c3787fedbfc5d87c06af820185e350e373c705d172505d805330ba81737c63cdc74e3a70d2f88d8e2e759dfae0842e450d99a2bfac2a481ce5bdfb1f06c2386cb30cc591a875bbe442afdd51afecbde83c6a82b18d77b35e872a8b1e9d7c5649b5f24836d72ad3f47990509a45b7ab2ebc3200359c4bfd9100bb0f055bb228036344acd7ef5c20207845e906ac3a9dbcd1ec3b900000000000000db86fb56f7d9e2c826c170afa1eab8f3f0144b96b9edff19dccd41d9bfd5d3d1a9c79cb41027f063b6c3f84829c3fcc74e5eda26d675fcfb4fec948f340d4200"/791], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48)
exit(0x5000000)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000)
perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
accept4$unix(r0, &(0x7f0000000140), &(0x7f0000000080)=0x6e, 0x800)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000200)={{{@in=@remote}}, {{@in6=@private0}, 0x0, @in=@empty}}, &(0x7f00000000c0)=0xe8)
r2 = socket(0x11, 0x3, 0x0)
ioctl$SIOCSIFMTU(r2, 0x8914, &(0x7f00000001c0)={'hsr0\x00', 0x1})

04:06:47 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:47 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  565.767001][T21173] FAULT_INJECTION: forcing a failure.
[  565.767001][T21173] name failslab, interval 1, probability 0, space 0, times 1
[  565.779614][T21173] CPU: 0 PID: 21173 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  565.788284][T21173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  565.798335][T21173] Call Trace:
[  565.801633][T21173]  dump_stack+0x11d/0x187
[  565.806048][T21173]  should_fail.cold+0x5/0xf
[  565.810590][T21173]  __should_failslab+0x82/0xb0
[  565.815363][T21173]  should_failslab+0x5/0xf
[  565.819789][T21173]  kmem_cache_alloc+0x23/0x5e0
[  565.824583][T21173]  ? __rcu_read_unlock+0x77/0x390
[  565.829615][T21173]  __sigqueue_alloc+0x128/0x2c0
[  565.834475][T21173]  __send_signal+0x63d/0x8a0
[  565.839101][T21173]  send_signal+0x211/0x2a0
[  565.843542][T21173]  ? check_stack_object+0x76/0x90
[  565.848575][T21173]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  565.854475][T21173]  force_sig_info_to_task+0x1ea/0x220
[  565.859855][T21173]  force_sig_fault+0x80/0xb0
[  565.864522][T21173]  mm_fault_error+0x1ba/0x2a0
[  565.869224][T21173]  do_page_fault+0x9da/0xa96
[  565.873821][T21173]  ? do_syscall_64+0x27f/0x3b0
[  565.878590][T21173]  page_fault+0x34/0x40
[  565.882749][T21173] RIP: 0033:0x476405
[  565.886651][T21173] Code: ff ff 44 89 8d 30 fb ff ff e8 27 f2 fb ff 44 8b 8d 30 fb ff ff 4c 8b 85 28 fb ff ff e9 72 ec ff ff 31 c0 48 83 c9 ff 4c 89 df <f2> ae c7 85 28 fb ff ff 00 00 00 00 48 89 c8 48 f7 d0 4c 8d 50 ff
[  565.906269][T21173] RSP: 002b:00007f756e297410 EFLAGS: 00010286
04:06:48 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd", 0x44}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  565.912337][T21173] RAX: 0000000000000000 RBX: 00007f756e297970 RCX: ffffffffffffffff
[  565.920429][T21173] RDX: 0000000000000030 RSI: 00007f756e297928 RDI: 0000000020000300
[  565.928435][T21173] RBP: 00007f756e297960 R08: 0000000000000000 R09: 000000000000000b
[  565.936409][T21173] R10: 0000000000000073 R11: 0000000020000300 R12: 00000000004c1781
[  565.944434][T21173] R13: 00007f756e297ae8 R14: 00000000004c178c R15: 0000000000000000
04:06:48 executing program 3 (fault-call:10 fault-nth:2):
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  566.077483][T21168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
04:06:48 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0x0)

04:06:48 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
unshare(0x28000480)
syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x0, 0x0)
ppoll(&(0x7f0000000100)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x17, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r5)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r6, 0x80045400, &(0x7f0000000040))
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:48 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:49 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd12b086dcbe7eaf1e356ab7b13cb6207239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/908], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:49 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0x0)

04:06:49 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$pptp(0x18, 0x1, 0x2)
ioctl$sock_SIOCGIFBR(r2, 0x8940, &(0x7f0000000180)=@generic={0x2, 0x8001})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00')
sendmsg$BATADV_CMD_SET_VLAN(r6, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r7, 0x4, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xe41cbf4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="ceccbf1c1547"}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x20000000)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:49 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:51 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd", 0x44}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:51 executing program 2 (fault-call:6 fault-nth:0):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:06:51 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001072fd000000f7000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004fe"], 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='net/ip6_flowlabel\x00')
ioctl$SNDRV_PCM_IOCTL_STATUS32(r2, 0x806c4120, &(0x7f0000000040))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000c0003800800010001000000000000000000000000000000001d487eacc59f84baf2c5e4b8c81d98ad4b83ff83e7ad59da3545cf466d0279ea514a65a184df5ba99655581558aa837a51501bf8f8bd715f1d421a14ec1bb0a4885ade9aebfb4924e14e180faf54ef837a71cbf169f85f7f3b3001709ae022d7765f6aa8332ce7c56efc6ad6b9fb2cbb4a22d84c8c32e88eb19db4693fc58c1d805976f494dcba15d61064d8683c521489c882271344f0a32bd0163f9b98310cc7529d8d1b235d167431945d703589990b0d9fbd698a2ccc3d1cff61e96f53236c1ca06bc9a1661ed94336a97183a729e787ce9d3234e0cf0376a34fc9769f5526bbc9b8157658aaa46429db1a0d35287501bd5daf0b34bc5c72fdc16ed8d159daf26060832992205ed9d78bdd82499d8ab7bd9b58735e51d0639fbee7c4c060ab32f0965280ed45ce8aa24d841514a9cf26df79"], 0x20}}, 0x0)
r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dlm_plock\x00', 0xa0400, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NETID(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r7, 0x96f60ba188302d1f, 0x0, 0x0, {{}, {}, {0x68}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_GET_LINKS(r5, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, r7, 0x108, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0x8000}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
sendmsg$IPVS_CMD_GET_DAEMON(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x124, r4, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x5}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x81}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x786a}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x9}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1f}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'dummy0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1ff}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private2={0xfc, 0x2, [], 0x1}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x1}}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8}]}]}, 0x124}, 0x1, 0x0, 0x0, 0xc000}, 0x1)

04:06:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0x0)

04:06:51 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:51 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  569.230592][   T27] audit: type=1804 audit(1589170011.455:115): pid=21290 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/371/cgroup.controllers" dev="sda1" ino=16205 res=1
[  569.236729][T21290] FAULT_INJECTION: forcing a failure.
[  569.236729][T21290] name failslab, interval 1, probability 0, space 0, times 0
04:06:51 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f80270000000000000000000000680043540000000000000000000000000b0000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0xa000, 0x44)
r6 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r7=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff, 0x0, r7}, 0x10)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000100)={r7, 0x4, 0xc9, "71a7038da58926ab14be6576d2364646f8081c47ad507fdba789ef7d1ef777d54dcc5b847d46da351b7a33017b4249e8c25cf4a9b739f1ff51dde5ad5c34369cf3605f9709a030d2b8dc4e853917c3a8991d707e9b03fe8f5526e1b968a085579914502a321a0e9933f5c53d0ed05edf495458e96aaf4eef78f1be7cc192f8bc99131e5a3582ed2068ddedb112934163e33fd53890b4fca4da813cb8c93662aea010f0ac97738851fdf8cf16863f435aab4833abfb03ac6a2a7b011d571698691b4f2dde5bd5400e47"}, 0xd1)
r8 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$UI_DEV_SETUP(r8, 0x405c5503, &(0x7f0000000040)={{0x101, 0xbe5b, 0x1ff, 0x9}, 'syz0\x00', 0x30})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  569.371267][T21290] CPU: 1 PID: 21290 Comm: syz-executor.2 Not tainted 5.7.0-rc1-syzkaller #0
[  569.379965][T21290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  569.390009][T21290] Call Trace:
[  569.393388][T21290]  dump_stack+0x11d/0x187
[  569.397727][T21290]  should_fail.cold+0x5/0xf
[  569.402245][T21290]  __should_failslab+0x82/0xb0
[  569.407011][T21290]  should_failslab+0x5/0xf
[  569.411500][T21290]  kmem_cache_alloc_trace+0x26/0x5f0
[  569.416792][T21290]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  569.422691][T21290]  alloc_pipe_info+0xf3/0x3d0
[  569.427375][T21290]  splice_direct_to_actor+0x4b8/0x540
[  569.432917][T21290]  ? apparmor_file_permission+0x35/0x40
[  569.438474][T21290]  ? security_file_permission+0x86/0x300
[  569.444110][T21290]  ? generic_pipe_buf_nosteal+0x20/0x20
[  569.449661][T21290]  do_splice_direct+0x152/0x1d0
[  569.454522][T21290]  do_sendfile+0x380/0x800
[  569.458948][T21290]  __x64_sys_sendfile64+0x121/0x140
[  569.464189][T21290]  ? constant_test_bit+0xd/0x30
[  569.469095][T21290]  do_syscall_64+0xc7/0x3b0
[  569.473601][T21290]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  569.479493][T21290] RIP: 0033:0x45c829
[  569.483440][T21290] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  569.503043][T21290] RSP: 002b:00007fa7386ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  569.511453][T21290] RAX: ffffffffffffffda RBX: 00000000004fc2e0 RCX: 000000000045c829
04:06:51 executing program 4 (fault-call:3 fault-nth:0):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:51 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$IMGETCOUNT(r3, 0x80044943, &(0x7f0000000040))
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x6)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  569.519472][T21290] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[  569.527431][T21290] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  569.535398][T21290] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000006
[  569.543380][T21290] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007fa7386ed6d4
04:06:51 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYRES32=r3], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={0x0, 0x3})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
getsockopt$PNPIPE_INITSTATE(r7, 0x113, 0x4, &(0x7f0000000100), &(0x7f0000000080)=0xfffffffffffffda3)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  569.685636][T21316] FAULT_INJECTION: forcing a failure.
[  569.685636][T21316] name failslab, interval 1, probability 0, space 0, times 0
[  569.759099][T21316] CPU: 0 PID: 21316 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  569.767798][T21316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  569.777844][T21316] Call Trace:
[  569.781143][T21316]  dump_stack+0x11d/0x187
[  569.785481][T21316]  should_fail.cold+0x5/0xf
[  569.789991][T21316]  __should_failslab+0x82/0xb0
[  569.794764][T21316]  should_failslab+0x5/0xf
[  569.799183][T21316]  __kmalloc+0x54/0x640
[  569.803437][T21316]  ? tomoyo_realpath_from_path+0x85/0x3d0
04:06:52 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="66104f6aff09de5742c70de560b2af8fca81b5be1527ac1d970b1e24e27831f98b194efb9d6acd7bd89fc670007754", 0x2f}, {&(0x7f0000000080)="aae4a1e7aa10d1a2bb41983ee734a1ccbb5b63149c65d1bbcf4593c65f61daa0a96d747f499023af56cdb2feba4f64", 0x2f}], 0x2, 0x0, 0x0, 0x8000}, 0x44850)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  569.809212][T21316]  tomoyo_realpath_from_path+0x85/0x3d0
[  569.814864][T21316]  tomoyo_path_number_perm+0xff/0x360
[  569.820241][T21316]  ? _parse_integer+0x12f/0x150
[  569.825139][T21316]  ? __fget_files+0xa2/0x1c0
[  569.829745][T21316]  tomoyo_file_ioctl+0x28/0x40
[  569.834570][T21316]  security_file_ioctl+0x69/0xa0
[  569.839527][T21316]  ksys_ioctl+0x5a/0x150
[  569.843836][T21316]  __x64_sys_ioctl+0x47/0x60
[  569.848439][T21316]  do_syscall_64+0xc7/0x3b0
[  569.852944][T21316]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
04:06:52 executing program 2 (fault-call:6 fault-nth:1):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

[  569.858916][T21316] RIP: 0033:0x45c829
[  569.862826][T21316] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  569.882430][T21316] RSP: 002b:00007f75108adc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  569.890851][T21316] RAX: ffffffffffffffda RBX: 00000000004e7460 RCX: 000000000045c829
[  569.898822][T21316] RDX: 0000000020000040 RSI: 000000004010ae42 RDI: 0000000000000004
[  569.906801][T21316] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[  569.914832][T21316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  569.922801][T21316] R13: 00000000000003a2 R14: 00000000004c61e0 R15: 00007f75108ae6d4
[  570.081922][   T27] audit: type=1804 audit(1589170012.315:116): pid=21328 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/372/cgroup.controllers" dev="sda1" ino=16263 res=1
[  570.109071][T21328] FAULT_INJECTION: forcing a failure.
[  570.109071][T21328] name failslab, interval 1, probability 0, space 0, times 0
[  570.130933][T21328] CPU: 0 PID: 21328 Comm: syz-executor.2 Not tainted 5.7.0-rc1-syzkaller #0
[  570.139615][T21328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  570.149676][T21328] Call Trace:
[  570.153008][T21328]  dump_stack+0x11d/0x187
[  570.157350][T21328]  should_fail.cold+0x5/0xf
[  570.161864][T21328]  __should_failslab+0x82/0xb0
[  570.166636][T21328]  should_failslab+0x5/0xf
[  570.171179][T21328]  __kmalloc+0x54/0x640
[  570.175346][T21328]  ? kmem_cache_alloc_trace+0x22b/0x5f0
[  570.180890][T21328]  ? alloc_pipe_info+0x205/0x3d0
[  570.185839][T21328]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  570.191814][T21328]  alloc_pipe_info+0x205/0x3d0
[  570.196588][T21328]  splice_direct_to_actor+0x4b8/0x540
[  570.202017][T21328]  ? apparmor_file_permission+0x35/0x40
[  570.207568][T21328]  ? security_file_permission+0x86/0x300
[  570.213339][T21328]  ? generic_pipe_buf_nosteal+0x20/0x20
[  570.218893][T21328]  do_splice_direct+0x152/0x1d0
[  570.223753][T21328]  do_sendfile+0x380/0x800
[  570.228179][T21328]  __x64_sys_sendfile64+0x121/0x140
[  570.233395][T21328]  do_syscall_64+0xc7/0x3b0
[  570.237903][T21328]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  570.243789][T21328] RIP: 0033:0x45c829
[  570.247687][T21328] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  570.249681][T21316] ERROR: Out of memory at tomoyo_realpath_from_path.
[  570.267284][T21328] RSP: 002b:00007fa7386ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  570.267304][T21328] RAX: ffffffffffffffda RBX: 00000000004fc2e0 RCX: 000000000045c829
[  570.267314][T21328] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[  570.267324][T21328] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  570.267334][T21328] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000006
[  570.267346][T21328] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007fa7386ed6d4
04:06:54 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:54 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000002000000000000000000000000000000000000000000000004feffffff785d66ba033406d1b8b7dd"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:06:54 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:54 executing program 4 (fault-call:3 fault-nth:1):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:54 executing program 2 (fault-call:6 fault-nth:2):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:06:54 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  572.275794][T21357] FAULT_INJECTION: forcing a failure.
[  572.275794][T21357] name failslab, interval 1, probability 0, space 0, times 0
[  572.324585][   T27] audit: type=1804 audit(1589170014.556:117): pid=21356 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/373/cgroup.controllers" dev="sda1" ino=16019 res=1
[  572.351880][T21356] FAULT_INJECTION: forcing a failure.
[  572.351880][T21356] name failslab, interval 1, probability 0, space 0, times 0
[  572.357713][T21357] CPU: 1 PID: 21357 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  572.373140][T21357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  572.383187][T21357] Call Trace:
[  572.386487][T21357]  dump_stack+0x11d/0x187
[  572.391720][T21357]  should_fail.cold+0x5/0xf
[  572.396251][T21357]  __should_failslab+0x82/0xb0
[  572.401005][T21357]  should_failslab+0x5/0xf
[  572.405419][T21357]  __kmalloc+0x54/0x640
[  572.409619][T21357]  ? tomoyo_encode2.part.0+0xd0/0x240
[  572.414987][T21357]  ? __should_failslab+0x8a/0xb0
[  572.419920][T21357]  ? debug_smp_processor_id+0x3f/0x129
[  572.425392][T21357]  tomoyo_encode2.part.0+0xd0/0x240
[  572.430714][T21357]  tomoyo_encode+0x32/0x50
[  572.435214][T21357]  tomoyo_realpath_from_path+0x11e/0x3d0
[  572.440839][T21357]  tomoyo_path_number_perm+0xff/0x360
[  572.446202][T21357]  ? _parse_integer+0x12f/0x150
[  572.451088][T21357]  ? __fget_files+0xa2/0x1c0
[  572.455758][T21357]  tomoyo_file_ioctl+0x28/0x40
[  572.460526][T21357]  security_file_ioctl+0x69/0xa0
[  572.465519][T21357]  ksys_ioctl+0x5a/0x150
[  572.469763][T21357]  __x64_sys_ioctl+0x47/0x60
[  572.474414][T21357]  do_syscall_64+0xc7/0x3b0
[  572.478933][T21357]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  572.484812][T21357] RIP: 0033:0x45c829
[  572.488759][T21357] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  572.508399][T21357] RSP: 002b:00007f75108adc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  572.516903][T21357] RAX: ffffffffffffffda RBX: 00000000004e7460 RCX: 000000000045c829
[  572.524876][T21357] RDX: 0000000020000040 RSI: 000000004010ae42 RDI: 0000000000000004
[  572.532837][T21357] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[  572.540795][T21357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  572.548782][T21357] R13: 00000000000003a2 R14: 00000000004c61e0 R15: 00007f75108ae6d4
[  572.566714][T21356] CPU: 0 PID: 21356 Comm: syz-executor.2 Not tainted 5.7.0-rc1-syzkaller #0
04:06:54 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = dup2(r3, r5)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', r6}, 0x10)

04:06:54 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  572.575428][T21356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  572.585590][T21356] Call Trace:
[  572.588979][T21356]  dump_stack+0x11d/0x187
[  572.593321][T21356]  should_fail.cold+0x5/0xf
[  572.597836][T21356]  __should_failslab+0x82/0xb0
[  572.602603][T21356]  should_failslab+0x5/0xf
[  572.607108][T21356]  kmem_cache_alloc_trace+0x26/0x5f0
[  572.612406][T21356]  iomap_dio_rw+0x11f/0x9a0
[  572.616943][T21356]  ? aa_file_perm+0x401/0xb20
[  572.621628][T21356]  ? mntput+0x5a/0x80
[  572.625624][T21356]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  572.631528][T21356]  ? ext4_inode_journal_mode+0x8d/0x260
[  572.637081][T21356]  ? ext4_file_read_iter+0x2b4/0x360
[  572.642411][T21356]  ext4_file_read_iter+0x2b4/0x360
[  572.647579][T21356]  generic_file_splice_read+0x2df/0x470
[  572.653138][T21356]  ? add_to_pipe+0x1b0/0x1b0
[  572.657734][T21356]  do_splice_to+0xc7/0x100
[  572.662203][T21356]  splice_direct_to_actor+0x1b9/0x540
[  572.667711][T21356]  ? generic_pipe_buf_nosteal+0x20/0x20
[  572.673303][T21356]  do_splice_direct+0x152/0x1d0
[  572.678243][T21356]  do_sendfile+0x380/0x800
[  572.682809][T21356]  __x64_sys_sendfile64+0x121/0x140
[  572.688105][T21356]  do_syscall_64+0xc7/0x3b0
[  572.692691][T21356]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  572.698580][T21356] RIP: 0033:0x45c829
[  572.702584][T21356] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  572.722220][T21356] RSP: 002b:00007fa7386ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  572.730637][T21356] RAX: ffffffffffffffda RBX: 00000000004fc2e0 RCX: 000000000045c829
[  572.738607][T21356] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[  572.746585][T21356] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  572.754555][T21356] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000006
[  572.762519][T21356] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007fa7386ed6d4
04:06:55 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x13, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  572.793919][T21357] ERROR: Out of memory at tomoyo_realpath_from_path.
04:06:55 executing program 4 (fault-call:3 fault-nth:2):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:55 executing program 2 (fault-call:6 fault-nth:3):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:06:55 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
open_by_handle_at(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="6f000000028400001ddfb625b3e9e94bed4b5563f32f3b417de966b419fc40448b60fd9bc59c3e4dfb88910deb249ec90ff4fc3590ac132c637ef063cf1456282895f43c5bde691c7b331b0496c60008d568f26ac06ccac8fde1e1382aedb3dc5b77bd3615e88dde6ae4bc9aa00e651f93492d479cb896b4662f8844cf5b64ff84a58f41784cd6ef51188353d36caad3e6ca831ad8957844b061734a9d47"], 0x218042)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  573.109901][   T27] audit: type=1804 audit(1589170015.336:118): pid=21394 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/374/cgroup.controllers" dev="sda1" ino=16019 res=1
[  573.112689][T21394] FAULT_INJECTION: forcing a failure.
[  573.112689][T21394] name failslab, interval 1, probability 0, space 0, times 0
[  573.232510][T21394] CPU: 1 PID: 21394 Comm: syz-executor.2 Not tainted 5.7.0-rc1-syzkaller #0
[  573.241201][T21394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  573.251253][T21394] Call Trace:
[  573.254554][T21394]  dump_stack+0x11d/0x187
[  573.258900][T21394]  should_fail.cold+0x5/0xf
[  573.263417][T21394]  __should_failslab+0x82/0xb0
[  573.268184][T21394]  should_failslab+0x5/0xf
[  573.272609][T21394]  kmem_cache_alloc+0x23/0x5e0
[  573.277373][T21394]  ? _raw_spin_unlock_irq+0x55/0x80
[  573.282585][T21394]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  573.288486][T21394]  ext4_init_io_end+0x4d/0x120
[  573.290981][T21396] FAULT_INJECTION: forcing a failure.
[  573.290981][T21396] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  573.293255][T21394]  ext4_writepages+0x577/0x1e10
[  573.293344][T21394]  ? debug_smp_processor_id+0x3f/0x129
[  573.316761][T21394]  ? ext4_mark_inode_dirty+0x420/0x420
[  573.322257][T21394]  ? do_writepages+0x6b/0x170
[  573.327041][T21394]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  573.339204][T21394]  do_writepages+0x6b/0x170
[  573.343784][T21394]  ? _raw_spin_unlock+0x38/0x60
[  573.348636][T21394]  ? wbc_attach_and_unlock_inode+0xdd/0x3b0
[  573.354526][T21394]  __filemap_fdatawrite_range+0x1bb/0x220
[  573.360259][T21394]  filemap_write_and_wait_range+0xad/0x140
[  573.366070][T21394]  iomap_dio_rw+0x3a2/0x9a0
[  573.370581][T21394]  ? mntput+0x5a/0x80
[  573.374570][T21394]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  573.380491][T21394]  ? ext4_file_read_iter+0x2b4/0x360
[  573.385778][T21394]  ext4_file_read_iter+0x2b4/0x360
[  573.390957][T21394]  generic_file_splice_read+0x2df/0x470
[  573.396517][T21394]  ? add_to_pipe+0x1b0/0x1b0
[  573.401545][T21394]  do_splice_to+0xc7/0x100
[  573.406039][T21394]  splice_direct_to_actor+0x1b9/0x540
[  573.411423][T21394]  ? generic_pipe_buf_nosteal+0x20/0x20
[  573.416982][T21394]  do_splice_direct+0x152/0x1d0
[  573.421875][T21394]  do_sendfile+0x380/0x800
[  573.426340][T21394]  __x64_sys_sendfile64+0x121/0x140
[  573.431546][T21394]  do_syscall_64+0xc7/0x3b0
[  573.436054][T21394]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  573.441964][T21394] RIP: 0033:0x45c829
[  573.445867][T21394] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  573.465476][T21394] RSP: 002b:00007fa7386ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  573.473911][T21394] RAX: ffffffffffffffda RBX: 00000000004fc2e0 RCX: 000000000045c829
[  573.481886][T21394] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[  573.489859][T21394] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  573.497838][T21394] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000006
[  573.505814][T21394] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007fa7386ed6d4
[  573.516448][T21396] CPU: 0 PID: 21396 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  573.525133][T21396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  573.535316][T21396] Call Trace:
[  573.538620][T21396]  dump_stack+0x11d/0x187
[  573.542962][T21396]  should_fail.cold+0x5/0xf
[  573.547470][T21396]  __alloc_pages_nodemask+0xcf/0x300
[  573.552771][T21396]  alloc_pages_vma+0x29b/0x390
[  573.557535][T21396]  do_huge_pmd_anonymous_page+0x2af/0x11a0
[  573.563352][T21396]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  573.569422][T21396]  __handle_mm_fault+0x1f5b/0x2da0
[  573.574546][T21396]  ? retint_kernel+0x1b/0x1b
[  573.579168][T21396]  handle_mm_fault+0x21c/0x540
[  573.583936][T21396]  do_page_fault+0x48a/0xa96
[  573.588533][T21396]  ? _raw_spin_unlock_irq+0x55/0x80
[  573.593762][T21396]  page_fault+0x34/0x40
[  573.597921][T21396] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30
[  573.604508][T21396] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3> a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4
[  573.624372][T21396] RSP: 0018:ffffc90003af3ce8 EFLAGS: 00010206
[  573.630437][T21396] RAX: ffff88807118fa98 RBX: 0000000000004200 RCX: 0000000000004200
[  573.638440][T21396] RDX: 0000000000004200 RSI: ffff8880776d4200 RDI: 0000000020d3c000
[  573.646418][T21396] RBP: ffff8880776d4200 R08: 0000000000000000 R09: 000088807118fc10
[  573.654439][T21396] R10: 0000ffffffffffff R11: 000088807118fc17 R12: 0000000020d3c000
[  573.662477][T21396] R13: 0000000020d40200 R14: 00007ffffffff000 R15: 0000000000000000
[  573.670480][T21396]  _copy_to_user+0x8f/0xb0
[  573.674950][T21396]  kvm_get_dirty_log_protect.isra.0+0x312/0x3d0
[  573.681243][T21396]  kvm_vm_ioctl+0x2ca/0x18b0
[  573.685881][T21396]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  573.691781][T21396]  ? do_vfs_ioctl+0x3a4/0xd00
[  573.696463][T21396]  ? tomoyo_file_ioctl+0x30/0x40
[  573.701419][T21396]  ? kvm_unregister_device_ops+0x80/0x80
[  573.707128][T21396]  ksys_ioctl+0x101/0x150
[  573.711468][T21396]  __x64_sys_ioctl+0x47/0x60
[  573.716065][T21396]  do_syscall_64+0xc7/0x3b0
[  573.720591][T21396]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  573.726499][T21396] RIP: 0033:0x45c829
[  573.730396][T21396] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  573.750080][T21396] RSP: 002b:00007f75108adc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  573.758552][T21396] RAX: ffffffffffffffda RBX: 00000000004e7460 RCX: 000000000045c829
[  573.766617][T21396] RDX: 0000000020000040 RSI: 000000004010ae42 RDI: 0000000000000004
[  573.774584][T21396] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[  573.782554][T21396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  573.790658][T21396] R13: 00000000000003a2 R14: 00000000004c61e0 R15: 00007f75108ae6d4
04:06:56 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:56 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:06:56 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, 0x0)

[  574.126004][   T27] audit: type=1804 audit(1589170016.356:119): pid=21415 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/375/cgroup.controllers" dev="sda1" ino=15773 res=1
04:06:56 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:56 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000003)

[  574.699703][   T27] audit: type=1804 audit(1589170016.926:120): pid=21432 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/376/cgroup.controllers" dev="sda1" ino=16019 res=1
04:06:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:57 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000004)

[  575.159181][   T27] audit: type=1804 audit(1589170017.386:121): pid=21449 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/377/cgroup.controllers" dev="sda1" ino=16019 res=1
04:06:57 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:06:57 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:57 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000008)

04:06:58 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, 0x0)

[  575.871522][   T27] audit: type=1804 audit(1589170018.106:122): pid=21460 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/378/cgroup.controllers" dev="sda1" ino=16254 res=1
04:06:58 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000000a)

04:06:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x2405, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  576.412674][   T27] audit: type=1804 audit(1589170018.646:123): pid=21478 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/379/cgroup.controllers" dev="sda1" ino=16254 res=1
04:06:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x3305, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:59 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000000d)

[  576.936050][   T27] audit: type=1804 audit(1589170019.166:124): pid=21496 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/380/cgroup.controllers" dev="sda1" ino=16218 res=1
04:06:59 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:59 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4c00, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:06:59 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000000f)

[  577.438394][   T27] audit: type=1804 audit(1589170019.666:125): pid=21514 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/381/cgroup.controllers" dev="sda1" ino=16310 res=1
04:07:01 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4c01, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:01 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, 0x0)

04:07:01 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000010)

04:07:01 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  578.993107][   T27] audit: type=1804 audit(1589170021.227:126): pid=21537 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/382/cgroup.controllers" dev="sda1" ino=16205 res=1
04:07:01 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x1000000e0)

04:07:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x541b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  579.468139][   T27] audit: type=1804 audit(1589170021.697:127): pid=21550 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/383/cgroup.controllers" dev="sda1" ino=16213 res=1
04:07:01 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x1000000f0)

04:07:02 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5421, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  579.928620][   T27] audit: type=1804 audit(1589170022.157:128): pid=21570 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/384/cgroup.controllers" dev="sda1" ino=16263 res=1
04:07:02 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x1000001fe)

04:07:02 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5450, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  580.348987][   T27] audit: type=1804 audit(1589170022.577:129): pid=21581 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/385/cgroup.controllers" dev="sda1" ino=16213 res=1
04:07:02 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000300)

[  580.757226][   T27] audit: type=1804 audit(1589170022.987:130): pid=21591 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/386/cgroup.controllers" dev="sda1" ino=16220 res=1
04:07:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5451, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:04 executing program 5 (fault-call:9 fault-nth:0):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:04 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:04 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:04 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000500)

04:07:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
ioctl$HIDIOCGUCODE(r3, 0xc018480d, &(0x7f0000000040)={0x3, 0xffffffff, 0x3, 0x8, 0x0, 0xe010})
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r4)
r5 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f0000000100)={0xf2a1, <r6=>0x0, 0x1, 0x4})
ioctl$DRM_IOCTL_AGP_UNBIND(r5, 0x40106437, &(0x7f0000000140)={r6, 0x9ccc})
ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x6, 0x1, 0xfffffffffffffff8, 0x2})

04:07:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
write$FUSE_POLL(r3, &(0x7f0000000040)={0x18, 0x0, 0x5, {0x800}}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  581.995367][   T27] audit: type=1804 audit(1589170024.227:131): pid=21605 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/387/cgroup.controllers" dev="sda1" ino=16213 res=1
04:07:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40008c0)

04:07:04 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000600)

04:07:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5452, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r1)
getsockname$inet(r1, &(0x7f0000000140)={0x2, 0x0, @broadcast}, &(0x7f0000000280)=0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/fscreate\x00')
getresgid(&(0x7f00000000c0), &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000180))
ioctl$TUNSETGROUP(r5, 0x400454ce, r6)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00')
sendmsg$L2TP_CMD_SESSION_CREATE(r5, &(0x7f00000002c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="000428bd7000fddbdf25050000000800090001000000060002000100000008001900ffffffff050005000000000005002100010000000600030000000000050006000700000014000800766574683000000000000000000000000c001600ff070000000000000500050001"], 0x74}}, 0x4080)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00042bbd70544131a84e2b994d727900fddbdf250600000006001d000100000008000a000400000008001900ffffffff05001400000000000500040008000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4000008}, 0x20000000)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000040)={{0x0, 0x80}, 0x1, 0x7ff, 0x9, {0x9, 0xb5}, 0x9, 0x7})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  582.436481][   T27] audit: type=1804 audit(1589170024.667:132): pid=21638 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/388/cgroup.controllers" dev="sda1" ino=16213 res=1
04:07:04 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000700)

[  582.826748][   T27] audit: type=1804 audit(1589170025.057:133): pid=21658 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/389/cgroup.controllers" dev="sda1" ino=15787 res=1
[  582.854062][T21659] FAULT_INJECTION: forcing a failure.
[  582.854062][T21659] name failslab, interval 1, probability 0, space 0, times 0
[  582.893441][T21659] CPU: 0 PID: 21659 Comm: syz-executor.5 Not tainted 5.7.0-rc1-syzkaller #0
[  582.902136][T21659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  582.912238][T21659] Call Trace:
[  582.915554][T21659]  dump_stack+0x11d/0x187
[  582.919897][T21659]  should_fail.cold+0x5/0xf
[  582.924418][T21659]  __should_failslab+0x82/0xb0
[  582.929184][T21659]  should_failslab+0x5/0xf
[  582.933621][T21659]  __kmalloc+0x54/0x640
[  582.937786][T21659]  ? tomoyo_realpath_from_path+0x85/0x3d0
[  582.943518][T21659]  tomoyo_realpath_from_path+0x85/0x3d0
[  582.949105][T21659]  tomoyo_path_number_perm+0xff/0x360
[  582.954481][T21659]  ? _parse_integer+0x12f/0x150
[  582.959369][T21659]  ? __fget_files+0xa2/0x1c0
[  582.964009][T21659]  tomoyo_file_ioctl+0x28/0x40
[  582.968848][T21659]  security_file_ioctl+0x69/0xa0
[  582.973805][T21659]  ksys_ioctl+0x5a/0x150
[  582.978062][T21659]  __x64_sys_ioctl+0x47/0x60
[  582.982660][T21659]  do_syscall_64+0xc7/0x3b0
[  582.987173][T21659]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  582.993070][T21659] RIP: 0033:0x45c829
[  582.996973][T21659] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  583.016588][T21659] RSP: 002b:00007f866438dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  583.025093][T21659] RAX: ffffffffffffffda RBX: 00000000004e7460 RCX: 000000000045c829
[  583.033071][T21659] RDX: 0000000020000040 RSI: 000000004010ae42 RDI: 0000000000000007
[  583.041188][T21659] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[  583.049221][T21659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  583.057215][T21659] R13: 00000000000003a2 R14: 00000000004c61e0 R15: 00007f866438e6d4
[  583.105740][T21659] ERROR: Out of memory at tomoyo_realpath_from_path.
04:07:05 executing program 5 (fault-call:9 fault-nth:1):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  583.922950][T21678] FAULT_INJECTION: forcing a failure.
[  583.922950][T21678] name failslab, interval 1, probability 0, space 0, times 0
[  583.935849][T21678] CPU: 0 PID: 21678 Comm: syz-executor.5 Not tainted 5.7.0-rc1-syzkaller #0
[  583.944500][T21678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  583.954545][T21678] Call Trace:
[  583.957850][T21678]  dump_stack+0x11d/0x187
[  583.962164][T21678]  should_fail.cold+0x5/0xf
[  583.966706][T21678]  __should_failslab+0x82/0xb0
[  583.971459][T21678]  should_failslab+0x5/0xf
[  583.975891][T21678]  __kmalloc+0x54/0x640
[  583.980025][T21678]  ? tomoyo_encode2.part.0+0xd0/0x240
[  583.985379][T21678]  ? __should_failslab+0x8a/0xb0
[  583.990373][T21678]  ? debug_smp_processor_id+0x3f/0x129
[  583.995811][T21678]  tomoyo_encode2.part.0+0xd0/0x240
[  584.001049][T21678]  tomoyo_encode+0x32/0x50
[  584.005442][T21678]  tomoyo_realpath_from_path+0x11e/0x3d0
[  584.011053][T21678]  tomoyo_path_number_perm+0xff/0x360
[  584.016403][T21678]  ? _parse_integer+0x12f/0x150
[  584.021263][T21678]  ? __fget_files+0xa2/0x1c0
[  584.025843][T21678]  tomoyo_file_ioctl+0x28/0x40
[  584.030598][T21678]  security_file_ioctl+0x69/0xa0
[  584.035514][T21678]  ksys_ioctl+0x5a/0x150
[  584.039784][T21678]  __x64_sys_ioctl+0x47/0x60
[  584.044352][T21678]  do_syscall_64+0xc7/0x3b0
[  584.048942][T21678]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  584.055004][T21678] RIP: 0033:0x45c829
[  584.058876][T21678] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  584.078649][T21678] RSP: 002b:00007f866438dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  584.087084][T21678] RAX: ffffffffffffffda RBX: 00000000004e7460 RCX: 000000000045c829
[  584.095035][T21678] RDX: 0000000020000040 RSI: 000000004010ae42 RDI: 0000000000000007
[  584.102986][T21678] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[  584.110934][T21678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  584.118890][T21678] R13: 00000000000003a2 R14: 00000000004c61e0 R15: 00007f866438e6d4
[  584.129876][T21678] ERROR: Out of memory at tomoyo_realpath_from_path.
04:07:07 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000008c0)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000010000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff68849663a8a85b95e8160f596215ce50a692afceee8656c0ee6bc33f00d49662024de7a7c39386bcc3a7fb9b160be6341e71f12fcaeec8c403d9a4c2e8d4048995fdb6409de57be56262d99b648d8634a36a554f6e0ad44067f3c708fabca0e28f868b65811d1d0a8376ac6cdbf33fb75702eee1362ad2201593aa93fbcd8ab7fa9240c2667ffcfb9d528ae18b958983842591601dc20f30ce9fefd171701572dd51ca7c91a3fc0000"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:07 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5460, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:07 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000900)

04:07:07 executing program 5 (fault-call:9 fault-nth:2):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:07 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
mlockall(0x3)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:07 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f00000002c0)={0x3, 0x200, 0x9, 0x9, 0x6, 0x9f3a})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x3, 0x313180)
setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f0000000840)={'filter\x00', 0x7, 0x4, 0x430, 0x0, 0x0, 0x130, 0x348, 0x348, 0x348, 0x4, &(0x7f00000000c0), {[{{@uncond, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x3, 0x4, 0x2, 0x1, 0x0, "119ce8cc17bd1ce87d8f86033932e7fe6662440788a547a1cc98cb01487c31e8d301eab6132aab73dfa2a0affa11e010de25effefa711bc525fbf50e73977094"}}}, {{@arp={@empty, @loopback, 0xff, 0xff, 0xa, 0xc, {@mac=@random="372ccbc64cb8", {[0x0, 0x0, 0xff]}}, {@mac=@dev={[], 0x3f}, {[0xff, 0x0, 0x0, 0x0, 0xff, 0xff]}}, 0x5, 0x2, 0xfffc, 0xff00, 0x9de, 0x7fff, 'bridge0\x00', 'ipvlan0\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x3, 0x0, 0x9, 0x1, 0x0, "cb63680ba8b0856055ba72f1b07b4eb07a4c0f9fd4f1d45d5be57f5b7096be0623b93494615f5db5257914e103e89a49a558d82cef586daa6f3601798c04a8ca"}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x7f, 0x7, 0x3}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x480)
ioctl$KVM_GET_MP_STATE(r5, 0x8004ae98, &(0x7f0000000040))
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4040, 0x0)
recvmsg$can_j1939(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/4, 0x4}, {&(0x7f0000000180)=""/171, 0xab}, {&(0x7f0000001cc0)=""/246, 0xf6}], 0x4}, 0x10000)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  585.098994][   T27] audit: type=1804 audit(1589170027.327:134): pid=21695 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/390/cgroup.controllers" dev="sda1" ino=16373 res=1
04:07:07 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000008c0)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b2900f777bfa5442d79a01b6d855a2d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffffa98b25a0131046c500ba01d962a6a350f4f0988fc5fc5e4369b7104f9f59d1a0b7ce60c701cbbe27f69325ecb1405955542801b570f59c6bbd84b096434aa21b65e5be894e84f3a0bdf448bfd36112fb43e873649c96875a141fd1495b3673f18cd6c6eb6ed398273fc4279cbbb08741623bae0b5977b2ddf88f89626e895d23abe24a95cc0c1df99d0a6038c7197a655802c8d18f01ba07f729d36ea79f1d673713ce87509eea97dd08b635dbf773f3ef"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:07 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000a00)

04:07:07 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup3(r2, r3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000440)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$sock(r6, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000580)="eb", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000cc0)=[{0x0}], 0x1}}], 0x2, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r7, 0x0, r7)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x2080, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x1f)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5501, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:07 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$dupfd(r3, 0x406, r0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  585.525920][   T27] audit: type=1804 audit(1589170027.757:135): pid=21719 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/391/cgroup.controllers" dev="sda1" ino=16310 res=1
04:07:08 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0xa, &(0x7f0000b4a000)={0x0, 0x0, 0x0, {[0x7174]}}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  586.064189][T21742] FAULT_INJECTION: forcing a failure.
[  586.064189][T21742] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  586.088866][T21742] CPU: 0 PID: 21742 Comm: syz-executor.5 Not tainted 5.7.0-rc1-syzkaller #0
[  586.097599][T21742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  586.107647][T21742] Call Trace:
[  586.110995][T21742]  dump_stack+0x11d/0x187
[  586.115334][T21742]  should_fail.cold+0x5/0xf
[  586.119841][T21742]  __alloc_pages_nodemask+0xcf/0x300
[  586.125136][T21742]  alloc_pages_vma+0xc0/0x390
[  586.129822][T21742]  wp_page_copy+0x167/0x1050
[  586.134419][T21742]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  586.140330][T21742]  ? __read_once_size+0x2f/0xd0
[  586.145185][T21742]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  586.151077][T21742]  do_wp_page+0x224/0xca0
[  586.155442][T21742]  __handle_mm_fault+0x2d96/0x2da0
[  586.160595][T21742]  handle_mm_fault+0x21c/0x540
[  586.165365][T21742]  do_page_fault+0x48a/0xa96
[  586.169963][T21742]  ? _raw_spin_unlock_irq+0x55/0x80
[  586.175189][T21742]  page_fault+0x34/0x40
[  586.179346][T21742] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30
[  586.186811][T21742] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3> a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4
[  586.206412][T21742] RSP: 0018:ffffc900038ffce8 EFLAGS: 00010206
[  586.212919][T21742] RAX: ffff888121d51a98 RBX: 0000000000004200 RCX: 0000000000004200
[  586.220893][T21742] RDX: 0000000000004200 RSI: ffff888121d84200 RDI: 0000000020d3c000
[  586.228914][T21742] RBP: ffff888121d84200 R08: 0000000000000000 R09: 0000888121d51c10
[  586.236949][T21742] R10: 0000ffffffffffff R11: 0000888121d51c17 R12: 0000000020d3c000
[  586.244924][T21742] R13: 0000000020d40200 R14: 00007ffffffff000 R15: 0000000000000000
[  586.253352][T21742]  _copy_to_user+0x8f/0xb0
[  586.257782][T21742]  kvm_get_dirty_log_protect.isra.0+0x312/0x3d0
[  586.264039][T21742]  kvm_vm_ioctl+0x2ca/0x18b0
[  586.268640][T21742]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  586.274544][T21742]  ? do_vfs_ioctl+0x3a4/0xd00
[  586.279229][T21742]  ? tomoyo_file_ioctl+0x30/0x40
[  586.284186][T21742]  ? kvm_unregister_device_ops+0x80/0x80
[  586.289871][T21742]  ksys_ioctl+0x101/0x150
[  586.294249][T21742]  __x64_sys_ioctl+0x47/0x60
[  586.298867][T21742]  do_syscall_64+0xc7/0x3b0
[  586.303414][T21742]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  586.309345][T21742] RIP: 0033:0x45c829
[  586.313247][T21742] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  586.332902][T21742] RSP: 002b:00007f866438dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  586.341407][T21742] RAX: ffffffffffffffda RBX: 00000000004e7460 RCX: 000000000045c829
[  586.349384][T21742] RDX: 0000000020000040 RSI: 000000004010ae42 RDI: 0000000000000007
[  586.357351][T21742] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[  586.365316][T21742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  586.373285][T21742] R13: 00000000000003a2 R14: 00000000004c61e0 R15: 00007f866438e6d4
04:07:10 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:10 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000b00)

04:07:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5509, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:10 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
connect$can_j1939(r1, &(0x7f0000000180)={0x1d, 0x0, 0x1, {0x0, 0x1, 0x4}, 0x2}, 0x18)
r2 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r2, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14, 0x80800)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
sendmsg$TCPDIAG_GETSOCK(r8, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000003040)=ANY=[@ANYBLOB="401400001200000428bd7000ffdbdf250fff81fc4e234e228f04000021040000e18100000900000005000000000000003ae200007f000000", @ANYRES32=r6, @ANYBLOB="07000000000000000001000008000000dc0001004393a8d93258c35138b95f0792f593134ef55e6237d22a27aa3e5a8589d4f37d5e1192d62fe1e0063bd8dcaa311d413b119ef69e66b8ee4fae07798e39780d26ab2902310ebe78169498b060b5824f69207f784ec0ef589ba06c13460b327e5cdfbbc4d8d74cf71a2216d024406231a24ee1a78250f3ada7e028e3f10b8c7eba098c241f15e0d4b9d893d7aabdc8c87e8e2bffe2d091508aba4462e9d288b1315dbfb68cd1a6559f33cd245295c1acb5badeb51c63c1832ac0fcacb6ba00e1442ed5f0280f2a369067f55950e1eb8673a5808dcf57baab5d100001009a0d62b49bd5f7b2731e501b32010100348efad4eafef98fbfc1dbe01d349307c4a7cf39d73067a5c9105d8a694c64110a119b81e20400000000000000930c35768675a43979499916b514c60ca546793e8f735ec20e0ce69a39cada94698f1ea334c367ba198a25203d31d56b2e6b31fdea1a0d3c408f3e4e63e449808ae44e9cca90f006493bfe67fa1390448eead9377fe5f9ab9cefe42f0db41ff4947b1d475472d03f8d2870f92b397a3b247e09e730ec0bda290c9462ffb0a688d75affe96191e972cb726bbf5af0c0169c5aa2d6bfd48d37837fb84c462ecd9b7075806e8fe58b9454e238015897a78dff591388d108eadc527605b61ab2012a7b1165ab7ba282d04c221d1043f578905bdd025d2ecf3e128e6818cd3f240cd8341eb78d53538b149a12208bbaf0d522d6f154f8a95ad03b6ae2aa03473718e5000000d2000100c3904a141a7066e720d2ab909da3e0a251d99e79b35acef1c462fbfdb67404829b5ea41ac4c89340b7186fd2eb2960d496c0245e6f73aba0d9f8254d9ca4b45f936bd1c0d9a331c53ff0c434a94ff0dd7401c5ec45a49d742ea5879e8a0fa1c856af5bdce63b4e61f8ca9b0fd176f7eff82b93faecc7949b18fb7b70a9a354eab1e2d693ab0e7e300aab3745898fbb87f42e0b44d0097690e6bec228aec3755bdeb2aa72faabcbc1f7496b060ef2ea492a5f3ce42959889f2bfed9d4c6db6dede29d16ff439c9fd9ebeb812637d80000c1000100353f56536ecf1f85e384ffdc83bbcd82ef5659d5a327c54091289be82b43933cabab380f4ce3b13feb86d437d191d650ceffdcfa7d030659b0a9b25b2786e183ce7977f9ddb3e5fa85fb0618757c0049b70edf57c6b8e05a0e484b33637c64dff2a172c45df9538171e1c8c78d840fd266e801e418e71ed0779ed6c31d0c8166598903e6488f5ae4b4219eb0cdcd9c655959eba8a7ac01675a4fe778154ec97df3b75f8fc3296ce9f179f947e3a5d27323cfb9a02897b585fccdc269cb000000041001003bf9d22ac67088718b1945b8c68933f3481898ef20e7655047023352de401ffd6082a3fe26e5c30f4d0aae89fde1d510429f0d4308aab7037c17192d7ef49ded80c4725f27a6c4a75e41170ce561f745145f08dd823a7e5af78ff7da1e9decb2bfb58586facf8bfc86e625d352fd878b5544e0eb76e6bac0ac6838369f612c8a4547e114106b4c2a95366b28d83beaed6c8ceae95c80fba03f91be1517fecbd4ecfc0d321ee982a70e426f63ff18bc7b072eed17f7b6344983e117a92f1098be6d122f041fa99f6d995368219bd6c07124b9f31ff78895c3ef896b4650bf274bb00ba2aab8db5fd183d7ba688e4686f817a733fc5813514e8f07070441e6cf6f92984de45229b12d55d49c4676535748f82cbd06d3156066e68dde32fe6b27a822ee9f377a2f892da7f65d0f39198e81f62b1eb3d09cdcb307789ea875c57571293e1b7eedacfea2b45feeadd88c73cef72cfcb7e8b7624c9c8c4d5cddefd7872cd322318c45b0da38a93a6ad5c969ada909208b94edb9d527e52309fcac8527b7541db5b15154a7a34a7f387a3b00057531c9084be972d39744dc285d17913d5c3cab70cce07fd823fb5f40046e58a07713c24ec446856ad252d5ac0faa51ccc8eadf2c027e8b6c1b14b768782fec933b701988b5c85cfa941f34ebef154eb94fd89eeda5f28ead386b8ab4fd5e9e7e1169ebfcb801279334003b9a5a2fb84b5611fab46d39db18db1417d96a29e8b3887ab71d5cf000744b6256029f00563e908886a2bbf5b41133b329438b5757d04fcfef0692c9170243f5c0db02f0791d44209807a44a962396ac4a11cc457f169ac0f4a07aba6e676d3afb9ed35b45aec7c956c2287128ee65e14413e510e320a0c5c34218f196f7dc6bfc18aaf5c7ca2f4d07467058fc07dfd56f21ead2bcc8c7c497265f6954d1bfbd77fd2d182881cae791f1af0f90d115ae50c18a555da69d65192daa4b3a76681bd57ddef0201855fd99bd1d50430b51f72528a99636a710a8d55513bd3e38d4534b56c9a5b932da1d8529f401f3f13000480c26da03bb453ac1fa6ea192ce3ff781a2b3c9338b7b1e9c0ae63aa836d5a4643ab317abc0794428f26ba2835ef9f3be47ea02e855c6b77ed7c7fb5e9ac7b383f2d95f717bf784a77e2a50b8a49b9ffa7902b2a207dbf179a8e2f19b9bd9fd5d4e2188e991c4771df01af598262b9eb08cf89bb412aee7a546ca2be8c43c098072f12ba43edb84d02ad889d80f7b4313437f0cb9050e40fc3d71a11f3dee3a7b35323876bef54d00d8e34c0c037f7e7ee4e76044e506e24384d25d0b0930ae6a508aa0e620adc69f79a8115b2d5e620a2db062dd8a79bf96a5735b257320a285ab47489eca2176882eaad6256af0740121d42fbdeefb2e5e87a76765e282548cc692caab2e64a326d01266d48a350c28a524b8175ff7f1aa8ddbee79b6ca9f3886100b69aa9e3d6d60506ba57b88aa5073e504e374aa58712b70f70e9e73b15c3776d69524c6e04033a023f6f3bafb9f72072818c15395724d70b9fdf1102653f7d8a131b471c7ee31a90a84d09b1497b77edad33fa2bf2c8b2af60e743a42781ab6e04f3d8c66050137cba03326930c2072486935c661278b1f8c9a0bc2a4869f9ad6dd08d4fe478e0789a36232ae167d26ab56badf8e55a4237a70a3afca8f4b296676dea6fa83bd3f41c578442c4d3eacd04fade90388c7ebd1ffc10ea376f03e93827d503c02af97095202de1dba2fa00f12cd1729bcf987a7dd05405f96ecf490f784b39354bdf0fb39249ffa52b9dfbb4b7516f595d5e0a338e93986ceb3fb825e1b935dcbfc72ffd9f3e790b4c5111f55d91665e1d2a01c16763123bfa838fa8ab09477f673add3fa091cabf31d80ae84e9af2fe3f2be0725dc300870414b093434931427f30208c54d0ae35efb1590e0ee03873de991c807c10b2cacd20ed1d46c52405a74ff4f4ace2a9b4d84cbb2982dae540868f989621d9e3616f50a3dccfd956567e6aa86e67fe3c361b96ee051dbd83036aabc1e89513cdeb9fa4da62a80a3247d608ffd38060f3d1b32fd7f709abca09c41605787e6de7825c54b414ee927060282c49e3e69500e2a32ba2d6050c3e07a0422e6f5fdf79991be4c7a7450b647413d5a52ec6816cd081b1701a04694aa5d83bf447d4d3876fe67f618271bfc0569d30a4adc5ac5dbf83bb56f3de63cd0964c44b37f15d80dd7745bb792b0fe898584574b645f14fb44353067a561d5fe686b75cfa729c70aa7217b0855ec4e91b2387e859af0875f6d14671c1c9b091e4a341ca72d7d646ada4fa5a26bce67ba52dc2117d9122ab5cbea406e224012cec804c572354fb29e45a6f5f6228f3c4cc8b9c4300038b3c2fcf6353eddf0f4891f63851c8e0e98a517f72cbb500ad9ca415cfeb4f62b83f04f80e97f50340573bf91f8477c13da4fdfda5f88aa66a830dadeb97b0d68361c048cca4c7819895a2d968fe51087d386d48c59454cedebcfa21f8bc180cbda006d9005db81fdf41979ef53d87898bed1ad9671bc251ab6375a28120a6ee3c4171cf9eab35868e17549962048f6adaa73c5fcc47d5b0ee6fddf39c234f21298565d14770a4e9c030168a33e87ec7471e2126df12aee4c3edb3fc70161c338214cbd3b7639f951257331ac8a3864553bfd7562a93dfcc0d3f257d002cfa2b0dc192fec6efa7c8233498df2f9388e0a36e95d03e5ca1fb6b7084176d7bf7c51fba5bbc65479e0d1bf203f86c1ea0d3041230448006a7371051b7d216c4b6a99f1f7a02c870caa549217b3d224057502572fc35e52bdeca3755fe8bfe14316a6ae27d3aa8cf7b658bbb199d3681c98ab9e4c110fc997490e7ef141d71d7565f44b3540436cab21251d227a5f3e1413bdaa93fabb372f5b2421717a09ed8bde88d5da04aa16e156e1ba5279ba7f9a1be88275000000009d7f6fe4f80e355eb247bbd4a67f2924ce1eee6002021fb831e9ac2a14aa8eeb5b05e3443ec2f52bf003427afe2a6f927082f79c5efe0c7eaffcae1fb3b3539d54f5578f463bf667932a3133382bd2e7233991693f9b8481e57bbeb38e8ba301ab7b0bb9cde53e5d97a2057b1e8e6b8b2bf5b51f74b7457fe9445ba3c737ceaa652e637158be0c5bda948fae386c641c057c8f4f4f99c99ac9ce04cc4646cff3db120fe5f3d4eafd18a0b7231a03cc74fefe713e63ad321692c844f4cec8a1af87f3a5836b5d0468544b6d9b43474da7883d989e54c7f4ab83fd9a622c6cffbdb6fbef5e7e7814353f96adfa14e33a87646098e1037250699eb9d8b5b56332c048ff12953133358c0327696176a8b4b35227da9c7a87f346e686ce906100c57611baed91808dc3a0840ce919ba198610e8501f5d34929a6ec4afd4ef1070e694ac27ba51c571097b627313cb199e67ab06366ba1256684ed143d9ef62ffda82df5093670a201d076947dd11cc80596f29dae7c745c0c6c2ad1098518e910b959d76ad0f5e7751808b70b9018de3d70c8fc8ba1941de2f771b115910511e1a960ddd86fe72052686c4aa5e834b8b5414b750e5b9cd7ec0c78084f8a1527ffceec2ab607b3b43b6daf688e6e00ba224281814613e40a2c481198966f72e343b1c0188d5915c0c1125e4574f53b8eb479a9124912a231a27e893797c6715866a1272adac080a1e5b6670f4de1ac60415be91903b0ab69994fce38a1747b703f3ffdc2d1181c7398fc583b31bb0ed3cdace69b2fdc67f0bea2d75d2ea0e4d4f149e2350ac29966221e79f79a89d89927513d75677a340c440bfbc8bf5df03354d7042b751a63b05bc53735cf1245765922764be46a3972c2ba026040a7e5c657f1f2f881f3bb3752385d2d1483844259a32adccf072ef4f4f4c805662b44cc32dac5be531ae7d0144a8a9be349ca30e3c8cc9a6e42ae83a5d44ee7095977bf5cb6ecc681c82981154aa41b0dcaa8a4928afae1e0d67b6af9bb57f3c331353789cda8b0e4b86ca2168822a62844a7de4760b73da8dda9ae8a5bdc2d49403b815da854bb212e06761ba0972aefbae07424daa0269b18242ed3fb49305441af7501f1e2dcbe861c096d02a41aa63cb7c2bde7c83b5a706de367437f56d593e87bd28a62e28a8e5ae004f3e26d0a28b4c80f78ae43ceebc50bb78bbd33d04f3e3ccce89a3c87fcac6742d10e223220d399e7072a2b061195eaa4a1abbe046073453bd033303975eac636623e0e4a5a61ff4d68d94217de284dd2c0fc0c010394f429ee4f529720cca0fd6f573b193244e233dee0fb29f4404d55025ec83ad979c7d910bed6d1dfe4b0531c68ccb925217c554e549b43f62535ee3f1cada125b4b95eec6264b2d5bdf18302736284dc1072a751c9335179d54f99873a38372d558987a83d8fad90fefb17f7a681157df9f1c3a91e6317be06f28394a9e6b405e1e0431105562d4fcc609c8364d79e55fbd2b7837229f0a39148517f9b3a89181ffb747e00559470302ef6c589f44c10229df47c9cacf52dc0fd5f8e2a79347b801a6a36a388034e8dabc11f9b0a147caf8097b6019ded336646b7100ab097ad9013d8e4cafb4422842de6fcdcdc7a123341f2226b630ca166a9690dbf6caf2f2e53492f9ee405b0454a6c4bb89695da9dbb456664b7cdcb2d10acf83816990a6598ba370956168ca59b138c382eda7f4fd3e9505ca3400a51a76a567ca9739fec786d4847d68efe2d776d4b6c303025680d5c89c8316ce1c9b2e54b08d98dc8a8424d6c0f1d4d3949ea9924231d82025e39525342acd15b14a3d065dfafda8d3d55a7af70a02c403f1b3d28b0b6b15daa736b3df3e62ca9b9c61bf3772709d48c859f603457e15d45a7d17325c37f31f6675b2bbba9333d1ebb89d2f2d335889280454937bedbfba4dc9ef6b8193415f0a5f50a5c3fa1277d60a60b4ff04bc4f1b1717992bf24093cd3485b2ab0ed4e6f4efba120256bb106ec716653b170628e06cb5404f6f267826b9d4b7bca9563f73eccf8726ccfcabcfcd6297f88e6d31669a3e0a3ecb3793370e2bb1b6a376da34ca0e4630f67ab76493cbe4b3c8e4ec48ba31d8195192bd18809a864c703d59e39e1478a5eb4b74bff386a576e34c41991fbacdb60523881c7213c87210bd2aadc202e6838118d879eecf7ec5df7fbc93749112a138bb60c68bf383198d4fc0a93a4fc4bb39651762e5b5ad551dc6516085fcea2a5bbea9a3cc98e55fb04194734d7699386d0b7acdf2f0bab5cf1d5ba7d0f99ba6839313936b22f5408502e79552963ad4e7ce1ee277047dd6c1e16f533b6fb608a8e6e8719e40be2ee454796a935e4a28362b5528d53e395b4c80d4ae3ccfbf7b5959cdffcb2fa5b9fc2920082826801f923b264e1fac8c5af45157e62756f8075bb5c757e1b713393049553ad1fa47d911f19c0ea80ec6bb317c7817c316ae0a732ecd95d46189bc54fc28fb6ad0f818d377fd53a95c91513f63228e8687f2b8f0ffa01b84bf000ed49d1805ff75f63a82c80492dc05953202b706a65142a847ec5b7289a2b2525c7dc47ceb387a5b46b1ddd5e76be3ce2a537c07578dbebd2dab1c4c8e379c88b06774473739128000e87859c7f87d167e3c3ad5c94a1e686e1bf19a1450353282d5f4f0e0dd151458cc44dd5099c91de2f958e8321059904d98ebcfd2b5021fd8fc9c98a6171aae18d334734a20c5b32ebc2d2cd3609693b84e0a85d230178a715e5bf74a50e88a42af2b45768cfa5cd9027541345ccba27dcf4c78e02d8b3e1fac436bb736cd2ae229c38bd1c896b617f57f646c5f3f7f6a799c7182f32358e981a54e194933f008b3f77f4196a02a69cdd349244cf122ec7dace20701c996ce0ff916d610f4439bdec42b85c456006ed258f1122915d95c4b8c953176bfd514785869cab554d5c0286eca46ea3c5c3c59bd4d5883b28177bf5624600a5e0957b54a3b49edd699fbafb309a3e8c097548be2051172afa10daee9a8097b845beefefb4c931fd8cfa35f899880f"], 0x1408}, 0x1, 0x0, 0x0, 0x800}, 0x800)

04:07:10 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:10 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:10 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f0000000000000098010000980100009002000090020000900200009002000090020000030000000000000000000000000000000000ee66a5e300000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000040)=0x5)

[  588.215187][   T27] audit: type=1804 audit(1589170030.438:136): pid=21776 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/392/cgroup.controllers" dev="sda1" ino=16209 res=1
04:07:10 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:10 executing program 3:
clone(0x3a3dd4001ca8ef81, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="7261060000000000000000008000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d80000000000000000000000000000000000000000000004000000000000000000000000000000000000000f000600000000000000300198010000000000dc366f89dd6347f953000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f80270000000000000000000000680043540000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000c19a124f61ec4714d67da522abbc70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c1578e61a7fcfc35928f70000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbf0f9aee9592f7a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070009800000000000000000000000000000000000000000028000000000000000000"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
getpid()
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$EVIOCGBITKEY(r5, 0x80404521, &(0x7f0000000080)=""/47)
setsockopt$bt_hci_HCI_DATA_DIR(r3, 0x0, 0x1, &(0x7f0000000040)=0x6, 0x4)

04:07:10 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:10 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:10 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000b35)

04:07:10 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r4)
fcntl$getflags(r4, 0xb)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:10 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x6364, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:10 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:10 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r3)
r4 = fcntl$dupfd(r2, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  588.732262][   T27] audit: type=1804 audit(1589170030.958:137): pid=21817 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/393/cgroup.controllers" dev="sda1" ino=16312 res=1
04:07:11 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:11 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:11 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000c00)

04:07:11 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:11 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendmsg$DEVLINK_CMD_GET(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="708154b7eac9a6230000ae90a11e7c6e20dc24fc26c911d79ccfae5bc2c14dceb0fb5639f709d280c306629a85f9a954fddb1b3b812b49c6b31998435972e3fe1553d1f9ce217f9f7515712e3413d0b6f02b53409785dc2092791a133a2ca0d133db65404d8d39522dc3c12cdffc17e3e644e2308c5058ee9cd3fcfa3dfefffbd4ecd46be5291d2c683622e4c0fb337de78a48cb9b6eb205f097fd7b584fa2014c9b4c63eb88caf22387ac09587424a350d4700e23bdd029e8891f825ced3c2235c9d30b43296a3c7e48cbc3aa9997b70a7400"/223, @ANYRES16=0x0, @ANYBLOB="040027bd7000fbdbdf25000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800010070636900110002ed9cc862303a30303a31302e30000000000e0001006e65746434199088daa8886447b4f953e606657673696d0000000f0002006e657464657673696d300000"], 0x70}, 0x1, 0x0, 0x0, 0x20040000}, 0xd0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
ioctl$TIOCEXCL(r7, 0x540c)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/rpc\x00')

04:07:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x8912, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:11 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  589.610563][   T27] audit: type=1804 audit(1589170031.838:138): pid=21865 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/394/cgroup.controllers" dev="sda1" ino=16208 res=1
04:07:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x8933, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:12 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000d00)

04:07:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  590.005248][   T27] audit: type=1804 audit(1589170032.228:139): pid=21887 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/395/cgroup.controllers" dev="sda1" ino=15822 res=1
04:07:12 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000e00)

04:07:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x89a0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  590.355821][   T27] audit: type=1804 audit(1589170032.578:140): pid=21899 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/396/cgroup.controllers" dev="sda1" ino=15821 res=1
04:07:13 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:13 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000440)={<r4=>0x0})
ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000500)={r4, &(0x7f0000000480)=""/69})
ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f0000000040)={r4})
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000100)={0x78, 0x0, 0x6, {0x0, 0x1ff, 0x0, {0x1, 0x2, 0x4, 0x5e73, 0x22, 0xfff, 0x5, 0x7, 0xfffffffb, 0x1, 0x8, 0x0, 0x0, 0x0, 0x7baa}}}, 0x78)
ioctl$DRM_IOCTL_SWITCH_CTX(r3, 0x40086424, &(0x7f0000000040)={r4, 0x3})
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd166b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff07000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070009800000000000000000000000000000000000000000028000000000000000000000000000000000000b5bc3ebcbe66cfa543536edbe2ee00000000000000000000000004feffffff"], 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_DIRTYFB(r3, 0xc01864b1, &(0x7f00000000c0)={0x10000, 0x0, 0x7, 0x4, &(0x7f0000000080)=[{0x921, 0x401, 0x5, 0x1000}, {0x7, 0x9, 0x0, 0xfffd}, {0x5, 0x7ff, 0x5ba, 0xb2db}, {0x5bd, 0x7ff, 0xfffd}]})
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:13 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:13 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000f00)

04:07:13 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x89a1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:13 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  591.525566][   T27] audit: type=1804 audit(1589170033.748:141): pid=21931 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/397/cgroup.controllers" dev="sda1" ino=16263 res=1
04:07:14 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:14 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0)
ioctl$VFIO_IOMMU_MAP_DMA(r4, 0x3b71, &(0x7f0000000080)={0x20, 0x3, 0x794, 0x5, 0x3b})
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:14 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x89e1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:14 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001100)

04:07:14 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x2400, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  592.822573][   T27] audit: type=1804 audit(1589170035.048:142): pid=21970 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/398/cgroup.controllers" dev="sda1" ino=16266 res=1
04:07:15 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:15 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$BLKTRACESTOP(r5, 0x1275, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:15 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:15 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001200)

04:07:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae01, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:15 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  593.242148][   T27] audit: type=1804 audit(1589170035.468:143): pid=22007 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/399/cgroup.controllers" dev="sda1" ino=15846 res=1
04:07:17 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:17 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)\a/[\xd8\xb0\xa7\xcbjX\xa3\xb65I\xe2h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ', 0x1)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000880)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198000000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff33292541a87fe815f7681844b995d058b0e5af8467b0b56fa5d1dd20198fb94f950fa59f80aaa882b941cda15b1a44d50691c369be3e7a3b776b7c262d827b162ec4c0583712a6fb087ec110fc9ade08"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r5 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r6=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff, 0x0, r6}, 0x10)
getsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={<r7=>r6, 0x7}, &(0x7f0000000080)=0x8)
r8 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r9=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r8, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff, 0x0, r9}, 0x10)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f00000000c0)=ANY=[@ANYRES32=<r10=>r9, @ANYBLOB="7c0000ff004a1ea68c9da56b414e9febe463d262f85dd4b34fa2216fa88ede4fa6be94381b7381aeddc04106973485aaffda71434b6308c3731be0672278a17fa1c4f442806265e5bd39df9b309563bea5960dea0e28d457fe446695cfb28aa6073d484a9091fb9310f9e93596c50bac6aceabe987c1834d2f5221790561d393"], &(0x7f0000000180)=0x84)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000001c0)={r7, 0x7, 0x1, 0x5, 0x7, 0x400, 0xd7d3, 0x7fffffff, {r10, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x26}}}, 0xffffff7d, 0x8, 0x7fff, 0x7766, 0x9}}, &(0x7f0000000280)=0xb0)

04:07:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae03, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:17 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001300)

04:07:17 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x2401, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:18 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x40000, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000080), 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
r5 = gettid()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
tkill(r5, 0x3c)
ptrace$cont(0x18, r5, 0x0, 0x0)
ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r5, 0x0, 0x0)
sched_setattr(r5, &(0x7f00000000c0)={0x38, 0x1, 0x4, 0x3d9, 0xe83, 0x401, 0x4c, 0x100, 0x1, 0x3}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  595.900653][   T27] audit: type=1804 audit(1589170038.129:144): pid=22040 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/400/cgroup.controllers" dev="sda1" ino=16218 res=1
04:07:18 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:18 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r4, 0x8982, &(0x7f0000000040)={0x6, 'veth0_to_bond\x00', {0x3f}, 0x4})
r5 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:18 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae41, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:18 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:18 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
writev(r6, &(0x7f0000000200)=[{&(0x7f00000000c0)}], 0x1)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f0000000040)={0x4, [0x0, 0x0, 0x0, 0x0]})
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:21 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001400)

04:07:21 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:21 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae60, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:21 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x2405, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  598.958890][   T27] audit: type=1804 audit(1589170041.189:145): pid=22118 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/401/cgroup.controllers" dev="sda1" ino=16198 res=1
04:07:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:21 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000480)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x19j-\xda\x8e\x1a\x9a\x89\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"u\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\x97\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc1\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\xba\xa8\xfb\x8f\xabI\xdbYiQ\xde\xf2\x19A\xf1C\xe0\xe7\x8ac\xd1\\\x1d\x13z7=\xe7W\xcb\xc2\xd6rW\x1d\xac(P\x01\xa6\xc6n\xc6\x979P\xe7-\x04\xb3\x9d\x8f\xa8\xe1T\xc6x\x00\x87\x8cj\'\xc8t\xa7\x88o\x0e\xc9>&\xf7\xeaa#\x19)82>\x8a\xd0\x00a\xbeZ\x03]\x10U\xb0\xcc\xc0\xa8@\x04\x00\x00\x00\x00\x00\x00\x00\xc8\xac\xd9\xae\x880\x01W\xc9\xdb@\xc5\tB\xa2\xdc\xf1x\xeaT\xb6\x8a.\xfa\x1d\xda\xd1d@[\\|\x9ciN\x1d\\$\xd4\xc74P\x1c!\"5\xe1\\\xc5\n\x89c\x9e.\x93_\x8f\x99J_,\xe0x\xfb\x10\xf6\xa6W\x1a\xf4\xff\x9b\x82$\x80\x8e\x82q\xa0\xce\xc0\xb2j\xc9\x12[\xf9wdI\f\xce}s\xb4\xc2yD\xf3\x82R\x1a\xf5az\xc6u\xbeUS\xe5u)\n\xf3c\xe2\xbe*\xb8W\xdd\xa7\xd2\xde\xb2\x0eT\xc7\x89h\xce\x01\xff\x1a\x10\x88\xf5A\'\xf6X\"\xad\xcdO&\xa1,\xed\xb7%\xfe\xd4\xde\xa4,\x9eM\xc8HwD\xc3\xd6\x95W\xfc\f{\x9d\b\xf7Ed\xaf\xa5O\xb4\xb1Gf7\xc9t\x04\xa8Q\x12\xa1\xc6\xeb\x92\xabj7m[\xcf6\xb5;\xb2\xdb\xeb\xef#;\n\xe7\xb0\x16\xb7V^\xedy\xd3\x12\x1f\x9eX\xb9\xf3`\xa0\x03\xbd\xbd\xcb\x1cd\xbe\x86\x16\a\xcc\x0eWp\x95bK', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000880)=ANY=[@ANYBLOB="726106000000000000000000000000000000000000001c000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000007e4364f5eae7b14011d30068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffef0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000085f1855800005a37ab000000000000141e7c564577de3e00000000000000000000000000600053455400000000000000000000000000000000f7070000000000000000000000000080000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000a0f000000000000000022000000010000700098000000000000000000000000000000000000000000280000000000000000000000000000000000d9d7d79deaf38b335ad2ac3dd7018110622567d9fa468eb98f45b9b302cc23073d8b0e5701e7c0f7672f5cac2e88515be986f0b781761eea82b567eee5a1b734a942ba5ed2331ba647c4cb"], 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat(r2, &(0x7f0000000140)='./file0\x00', 0x800, 0x64)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$DRM_IOCTL_IRQ_BUSID(r3, 0xc0106403, &(0x7f00000002c0)={0xfffffe00, 0x3bf45657, 0x2, 0x3})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NETID(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r6, 0x10, 0x70bd26, 0x0, {{}, {}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r5, 0x300, 0x70bd27, 0x25dfdbfd, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4048811}, 0x4048000)

04:07:21 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001500)

04:07:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:21 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r3, 0x10e, 0xa, &(0x7f0000000080)=0x400, 0x4)
syz_open_procfs(0x0, &(0x7f0000000300)='task\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r7=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff, 0x0, r7}, 0x10)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r5, 0x84, 0x19, &(0x7f0000000040)={r7}, 0x8)

04:07:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae80, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:21 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e7674188b3988367a10384729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/900], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
time(&(0x7f0000000080))
accept4$inet(r3, 0x0, &(0x7f0000000040), 0x80000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x38, r5, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @empty}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x38}}, 0x0)
sendmsg$FOU_CMD_GET(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r5, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x40001}, 0x40000)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x100000c, 0x20010, r0, 0x6d23c000)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r3, 0x28, 0x0, &(0x7f00000000c0)=0x2be, 0x8)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  599.359523][   T27] audit: type=1804 audit(1589170041.589:146): pid=22154 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/402/cgroup.controllers" dev="sda1" ino=16218 res=1
04:07:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:21 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000080)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9\x13', 0x1)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYRESOCT=r1], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000200))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x3)
tkill(r4, 0x3c)
r5 = syz_open_procfs(0x0, &(0x7f0000000300)='net\x00')
socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
ioctl$UI_END_FF_ERASE(r7, 0x400c55cb, &(0x7f00000001c0)={0xa, 0x20, 0xff})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000040))

[  601.648114][    T0] NOHZ: local_softirq_pending 08
04:07:24 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:24 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:24 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control\x00', 0x20000, 0x0)
ioctl$KVM_SET_PIT2(r4, 0x4070aea0, &(0x7f0000000080)={[{0x800, 0x0, 0x7, 0x80, 0xfd, 0x1, 0x3, 0xff, 0x0, 0x7, 0x5, 0xc8, 0x1f}, {0x81, 0x0, 0x7, 0xd9, 0x8, 0x1, 0x5, 0x7, 0x2e, 0xff, 0xbe, 0x6b, 0x2}, {0x2, 0x2, 0x0, 0x8, 0xde, 0x8, 0x2, 0x3f, 0x1, 0xa2, 0x1, 0x1f, 0xfffffffffffffffa}], 0x5})
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:24 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001600)

04:07:24 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x400454ca, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:24 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4c00, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:24 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0)
r3 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYRES64=r3], 0x1)
ioctl$SNDCTL_DSP_NONBLOCK(0xffffffffffffffff, 0x500e, 0x0)
r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
socket$can_j1939(0x1d, 0x2, 0x7)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r5)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x0, 0x30, r5, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  602.101046][   T27] audit: type=1804 audit(1589170044.330:147): pid=22212 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/403/cgroup.controllers" dev="sda1" ino=16263 res=1
04:07:24 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:24 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000019d684860000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:24 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:24 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001700)

04:07:24 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x1018c0, 0x0)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x1, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8001}, 0x20004001)
r1 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r1, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:24 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4004550a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:24 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
ioctl$TIOCEXCL(r4, 0x540c)

[  602.591684][   T27] audit: type=1804 audit(1589170044.820:148): pid=22252 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/404/cgroup.controllers" dev="sda1" ino=16234 res=1
04:07:27 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:27 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:27 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000001c0)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb6\x9dOr\x13', 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
r4 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff}, 0x10)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x5, 0x10, 0xffffffffffffffff, 0x9}, &(0x7f0000000080)=0x18)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:27 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001800)

04:07:27 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40049409, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:27 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4c01, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:27 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
bind$pptp(r5, &(0x7f0000000040)={0x18, 0x2, {0x2, @local}}, 0x1e)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  605.190431][   T27] audit: type=1804 audit(1589170047.420:149): pid=22303 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/405/cgroup.controllers" dev="sda1" ino=15881 res=1
04:07:27 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_REMOVEDEF(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, r3, 0x810, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_DOMAIN={0x8, 0x1, 'em1\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @empty}]}, 0x48}}, 0x20008000)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYRES32], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000360000/0x1000)=nil, 0x1000, 0x5, 0x13, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:27 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001900)

04:07:27 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:27 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40085503, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:27 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$HIDIOCGRDESC(r5, 0x90044802, &(0x7f0000000840)={0xc51, "098d0d6f851c3499082219ded4c7c1af1e17e3b5523d9f4655dfba56a7f0c6f4a1d08d460f8c92bef09e8658b5df1d693d61cc3c8f73b6c18b93bb0c573f179f16a21b305a00b4baa612c01534f4c331aaa412e8d4f968b9efc2850a9913e8c13267d0c2e1b6247f9e996bbceb09ab49af8db58eeb599590bee0ef105ffdad5038e2126d1d685ac4daf3d4beec6488ac980a3237c3f94e975eac85242df02275546b77ef6410838beda924cd3fe75063607133039cc67485dbe19e556d6995c0f4cf6d939976682d8575c45ab912b2ecc39d0b19e15c6aec4390f7128246ebff2f008372cecafa8e658dd04c07dfb55176be2c1e6337765bf9b9c40373fc2c810254ed991d6d0291dc3fb4cf9900cef438cae33b5ba6495aad74eda97a4761f77dc7cb6d95d8087eb9192ae8ad930416160b8c6c6f66a76372999e81bdc54bbdb996365def09e7bad8a6790da6ac3ecbabfca48e169c7f3a31b3eabeb447b9cef4a272463116b169da6169a5b7cf1d76aee131f5ae27fe43c367c6f9bdd1f9eb5cdb384f491b9f539f2b4348990afdcb0aa40f3f44b8216bf38dd8456cd292def9a627f1a3e0cd22b01ad1b08f7894415638ae02398bdf72e3f7961c06754e78c048d70bf4206ea3e208184913dc57e42f1837b8b28eca13fc9e60aab200a106947b9ef98b44d987768296fdc50dbb810278ee5411f61f214d4d1970aa539a8b96de6fc1e7b31a7ab299c2cbfa81043cc216431f577eef0cad45c59b11f31e227de042c7b309176e3213c52a61673abe5dc646755fe0b7dd84079823ee3df9b94819dbe80b7abfe0e4832214f13f1dc77a78985a1e132808f7f672977bbc154859b96c29ab4b35885c4a91bf8576f7d7e5d858c484d05c074995b811957ec4be463c27418241e6eee24ac07cd9db3b374d2917c8c300dc2ae65b379a87b1a9146d26d46a3ff872c87db3a20d3a2f043c830b8efceb0b99bce536246bc37739c6a827fa8fb85e0b7d0c4eb38226b1bffd0576d6c26489b02d84d2187747c02c90c6428554200d52a507d05d4c0e3aad3a11c7b262f3d9db3833fca7c4eee78310ec7a67536494820cca711a5957fbb6fafdc9e10b875c39f65b51ef30358f42f80b30aadd96bfab7582719f7eaec3dfe2bf89f924241ef55bfe2a2547714c676abee138153f596e1d6b5553a003a38e707875373f1f81d5b89aa98695111dc0201c6711b6c820a40447abc60c9749b04e123cf4c8cff5a5e3fc49f30b06e76e759fb145ed9d8d4f1521737e65a49a95dbcad3a997a729a4598880cc7d412498f4cd838606d2abbab5d16068de46c57c551012b5eb06bf33a47b68725754f3fef9dff652bf129c75731e4edbdc3be1eee8a8da1da9b7b7a2cee4d24870541f9d1bd93ec620de03dc5058c81ab282448b3735d681ca0d42784532e016ca1fa119a6e038b95642c0fc8c5205ac363c8328d9489a7ca1df43076504618e21cea5737643d4d4d62bf6001bfe749b020c8d74721142e85d6c60d3a813e21c527f50ca745e5e828468fea56cde9528ea552dcd6ae3ad354a0b5f7abc6b85c5fef39d2e254ee8361ef23afb88525c748017155a833660876934b72d52490c47d800b66b2e2e5504a8d1e764d7f7c174557341a5cc3ce526a5ce556bd41cba966ca39e54ddf4a6bbb411660a89ddab95bdbc5fec126d66dea41afab3b2ac44f7e39a5c0dd60e7d3c60363c488fee0d27f7ce4ccbe4d137bad6906ea4be09d65f705a009f3424d01b9fea9da58419a54e224b8f56eb45f1068920bb2ec3ab8f62a2632c58f95d0940c1c37f0af6f9d5ed51fa23de9db26e34a462db7de1c277716fae764ad101432a3500eac113b3b7e3b4d38da379ed1997395fdc2384ed16ece2c2381d3bb49797096abe05db79712f2b8d2c8adb3b10c1765e4336d968855a16d2d83dbae44a019adf8e6b452e86de1cfaaa972bee30f3be7a2c3057da418caa105a0e65b3e13e1d29e02cafc3e98bf59bdf982bb7277929c6c74263021c09e5a1dbab64ad75fb66fe3c72d6296f5a990f320ecd522be5db36e61fa4326441a6db7d7f087a7f1ca6c5befefa5d73518f2d4baa201203450b56db2045d9e2192edf3dc26b9517255864e083c531873c040befdb6a07cd67c3c98ff72e05e5229047e484236ecbf8d935db700023136da968e081690c12f54780f624855e6b2c4245f81cbd93042e4641d84f9b309d53ac509c5ef2ab1eede1eca3b9a5e6fb2837d470a97db7b339753d3c2c7b4c08c86e274e6f52113561a54be30438bb903b4ecca7d36a14f56704365bcf89df14bb979afab2865561ece1dee7f370a6bca8adc26d20da00c3061fb57a472ecb7543983784cc1fa89b3eaa7efc894092e03c0b456653f68a3aace1276c3320f82a075e136f458e12e2bf06c579f8de5bef6e4e363e575cb5894ad816326f7101a7e559bc3500b66801e8515ef3104807a44b51459879d97517ab16f3bab317074d378c6f8409fe50bcbdf3adcfb4a07fc8f3dfa35fcdcf11c3827829d319d5d99ba2dff033f7f18a4d7012d3e88e1c441af7080675b690e748732b83c98613938663fb8f10dceef44edbbeb5e5975872900eaeacf0d183c2c7bed87e9228d24b351d74c62a5bef6fbe3c5a306bffd80bafaa2c9a8048cc5c52f7242555d9fe0da9e13572aa4485d84899cae0b33c910050846a0de4cbb3ca7f96edcb9ffba7278a717b3a66e70ef498fc65fbd8ff3545b85806d154bf81b640a4a96984d702b1c20bc937cf428f074bb00b255e459ca65341d937512929d9137d9f9431bf2665390b68f8ce6a458ca948c404468949b38e51f6b3ca9bb398a61f11318aa3d432939ae631ddc33101ee4072de351db5341033d9671be8b6744b22bb2f20a5de10da610211b12c1ffaf69fb85f49774c391b427e5c703b7170a6f336d1d1e3eb8f96a92453b096c9942c54ca07a40e60f5acb44338517b72061aa6409f39abc9e0af94199d885bd9502a8a876876c02eb86ec564584a4ecaba67977136a16c23ec7858120c1cea54df5199781b49db386a39eb262d8f68d88a078fdaa22f4f6c2e53fdd4066cd677d2b86083918545e1a350c246ebe4e49ec12e0d39a228534c3d0e26805440a7d1b718e5f08c6ebc9393ec11d8700b3a56846f4fe766f4e724b062eadbd4e9d87e8bc6f45b8688a166e30de6ced619a96a0993c8fd3f4c7555bff727897b80ea434fd6519d0ebacb35b56e9ee04d85d44e6badd068de115616e03c6f4748acaafa993352e73528fe01cd7e299841680ee1a845cfb5eacfbb79f31f74feb35d27a47259f75129e21aea90dae7efbdcc8a0be03f434784bbbb15ad2d3924c74250cc2ec30d530f53d92b91d48f37786a576c9cd3a3b35a814b9ac95b4db6984f3cd8172b7a6a5ac4bdb03ee4815e88c3acd19c537d1d41a15c6ebece357b370a7e5d2666c644c03988c2fc3d02aac5d8ef993e9090df15ba589016c0c4887047d3535cfe893ea5a2015efbe73ac1009c0d0324ae3d0a45656dc93c74228383b591139f1d392f9ba386e87534ccf7c0a09da2fe22b4c0fb812fc9f055882135bd279e0206f8c4d53f81bb0d18fdf8dd3b01a184f47fba22e6bd7cf7c038d6b08f14dc991bb9f5c623aefc692116a69872d6830e17d3e718f44f633bd9e62267abae9b8af009d3fb73196e07451527c94e10bf4b916a29dcccb64c7e2bc119cc81fd8bfa20b2217da170f026e107a03fb0f9c418507f3d74b532e905f3d7a0e9a58a52623b8b03fcd2cd85b50cd9aa26d4c0ac7f0b614b3c3db04d47e708d40f1e8c40fdf01d85c14f02521b73116eccb37c8477cda6657d6b0269729156a03220b13fc4c917f856d6e810fedc251cd3bf118ebbf470bfe011c5edd754f947deeaf0ed55be265853219ed703289b4f13eb8d1c1a2ef8db5fea10b53c7209d36397186f5a5fa545454062d219b29b7306195be8cc10409bec298bbec934985238850cb8b96ae40c29de7950690998a9e1eae5994be90220eaae485e5e53fdea9070f1624a0372596fba5b337122a7bd3b1115b82e53ee491f71c9d9662ece90a8b3925f959d2f78e4a7026bbb1c0b0e9ea1cf6939ca889033d4b7502d95284f4de9ab92f86b37b56672b700682e8c1809f787339731f175d2b74cc1a42a0a8d084d793306765c8a2d562840282fd6c6a1992a6c804138a1407d64af7f5497d9b01d80aa478521b6b95797943d01c9cf0b898c4e12677d727aa271b26c4c92be6c109829b9355eca839dc203d158b3820a8abc8d40d3dc67faaf905ca638a3d3599148b482e073b915e8ad0df23e1cceab533057ffeb3ebbff9dd07993dd3b0cbbda6cb8e7554fe63ded8887a604f699ef46893166f6742a7196a8b6c58b8c1c5f73fd84b784199ec37196be932b4bbd8b2e13ef84fec36ddb9f834b89f944dd7a63af18be"})
prctl$PR_SET_DUMPABLE(0x4, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  605.700946][   T27] audit: type=1804 audit(1589170047.930:150): pid=22337 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/406/cgroup.controllers" dev="sda1" ino=16205 res=1
04:07:30 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:30 executing program 3:
clone(0x8000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000040)={{0x2, 0x4e24, @broadcast}, {0x6, @local}, 0x12, {0x2, 0x4e21, @multicast2}, 'ip6_vti0\x00'})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYRESOCT, @ANYBLOB="db8002929465f3d568d471a88290cf86edfe3d2d040000000066cfb992e2e8697d5add2f0257adcf539859d61d998cf23e1bc8ee10fdd8376086340db667b10385b898b08d78e96dd3a94abaac2a733eaa472b79343e2df09c9dc0e2e641e2e90f2299fbc105ec8875c42cb5fa5788cdf18f3074a218085b4d17efd56cb2501d5a21d263beca0d24e890a2d3768018a6dc94396a5f5678335fc7418e37825e9de3dd1742028962a144e0de0d9f4fd5a4e11647999ea0062c25503c9d84e14c77c2ced020542203063e667a6f2381f163f62ee32128e5ed8c5017e56d32afc323678ec4589b7ba29080f4e4cde4c028a20cd1e49793d7bbc963b03d5791dce6bfe8f2cce51631ef7f66c6696368e17e82d000fbcccad8feb20994af9bb2cd7513c81c598d97af1d0e564401e61f125d562eb23be196ee42211d27c38d8e32902c6485861eb7c65b3d13e25e700703b97310e845d72600750b606d8bf34ef55879fd6a8a2f56bbc1abf8badf1165058ca3683382b32c6cf8cbc3", @ANYRESOCT, @ANYRES32, @ANYRES16, @ANYRES64, @ANYRESHEX=r0, @ANYRES16=r2], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r4, 0x0, r4)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r5)
dup(r5)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
r6 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
clock_gettime(0x0, &(0x7f00000000c0))
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000180)={{0x0, 0x3938700}, {0x0, 0x989680}}, &(0x7f0000000140))
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:30 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001a00)

04:07:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40085507, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:30 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0x0)

04:07:30 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x540c, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:30 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d8000000000000000000000000000000000000000000000400000000000000000000000000000000000000000006000000000000003001980100000000f5ff0000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160ebc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
tkill(0x0, 0x3c)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, 0x0, 0x0, 0x0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f0000000080)={0x1f})
openat$cgroup_int(r5, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  608.355665][   T27] audit: type=1804 audit(1589170050.580:151): pid=22392 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/407/cgroup.controllers" dev="sda1" ino=15899 res=1
04:07:30 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0x0)

04:07:30 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b11ffd045c758de1000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000d, 0x110, r1, 0xa707a000)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
ioctl$VFIO_CHECK_EXTENSION(r3, 0x3b65, 0x6)

04:07:30 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001b00)

04:07:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4008ae61, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:30 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x80400, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$UI_SET_RELBIT(r3, 0x40045566, 0x8)
write$vhost_msg_v2(r1, &(0x7f0000000240)={0x2, 0x0, {&(0x7f0000000080)=""/212, 0xd4, &(0x7f0000000180)=""/174, 0x2, 0x4}}, 0x48)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x201b, &(0x7f0000b4a000)={0x0, 0x0, 0x0, {[0x3ff]}}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  608.762529][   T27] audit: type=1804 audit(1589170050.990:152): pid=22423 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/408/cgroup.controllers" dev="sda1" ino=15903 res=1
04:07:33 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:33 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0x0)

04:07:33 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001c00)

04:07:33 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0, {[0x6d5]}}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
getsockopt$inet_sctp_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

04:07:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4008ae6a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:33 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5411, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  611.408312][   T27] audit: type=1804 audit(1589170053.631:153): pid=22476 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/409/cgroup.controllers" dev="sda1" ino=15919 res=1
04:07:33 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$VIDIOC_S_JPEGCOMP(r5, 0x408c563e, &(0x7f0000000040)={0x9, 0x6, 0x21, "ed665ec87ac8af0f49edfbfe57f04c18192af3cd4da7919f798763a3edd14249763aff4af679c6829c5acacb7d0b08151fddc2434783f70fdbd65ebc", 0x36, "96c509aec9e52d43e83b02627b8b16b0b77002430b98e697db169d5637f4bc3014da3109e753403bc67a6c632a6e281123263ac3fd3ab54ed5453c63", 0x9c})
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:33 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000900)

04:07:33 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001d00)

04:07:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4008ae89, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:33 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
open$dir(&(0x7f0000000040)='./file0\x00', 0x280000, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
bind$rds(r5, &(0x7f0000000080)={0x2, 0x4e24, @broadcast}, 0x10)

04:07:34 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406d0431c540000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x9, 'A'}]}}, 0x0}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000040)=ANY=[@ANYRES64=r2], 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  611.875136][   T27] audit: type=1804 audit(1589170054.101:154): pid=22515 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/410/cgroup.controllers" dev="sda1" ino=15911 res=1
[  611.990409][   T27] audit: type=1804 audit(1589170054.221:155): pid=22505 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir284842994/syzkaller.7L1fyU/374/cgroup.controllers" dev="sda1" ino=15884 res=1
[  612.217810][   T49] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  612.438148][   T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  612.455145][   T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  612.479918][   T49] usb 4-1: New USB device found, idVendor=046d, idProduct=c531, bcdDevice= 0.40
[  612.501856][   T49] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.522481][   T49] usb 4-1: config 0 descriptor??
[  613.016374][   T49] logitech-djreceiver 0003:046D:C531.0008: item fetching failed at offset 0/1
[  613.029380][   T49] logitech-djreceiver 0003:046D:C531.0008: logi_dj_probe: parse failed
[  613.065376][   T49] logitech-djreceiver: probe of 0003:046D:C531.0008 failed with error -22
[  613.165593][    T0] NOHZ: local_softirq_pending 08
[  613.170575][    T0] NOHZ: local_softirq_pending 08
[  613.235802][T11112] usb 4-1: USB disconnect, device number 3
04:07:36 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:36 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4008ae90, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:36 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001e00)

04:07:36 executing program 1 (fault-call:3 fault-nth:0):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:36 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5416, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:36 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c7465720000000000000000000000000000000000000000000000000000000000006000534554000000e0d95a667bfbf4175800000000000000000000000000ff070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b60e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280000000000000000000000000000000000000000000000000000f62e995bf495798bd328a6b5d8b034819a45867a02058aa80f349d45f77c99a688f68b4384704f8e4a858edabbcdb14ea17f423881158650810df6fd066baa5cbbb17aecfdd31c0e3308c81a61c4876ecb16cbdf1fa9ceda967195d4e8f7dafe09139f328771b6b8382bb200ec4896eeb23057b3bfa8a9be7c56d5a2c351fd751d0cb5"], 0x1)
rmdir(&(0x7f0000000100)='./file0\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
write$P9_RLERRORu(r1, &(0x7f0000000140)={0x11, 0x7, 0x1, {{0x4, 'GPL\xeb'}, 0x6}}, 0x11)
r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x103040, 0x0)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e20, 0x54a, @loopback, 0x9}, 0x1c)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r5 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f00000002c0))
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000240)=@keyring={'key_or_keyring:', 0x0, 0xa})
keyctl$read(0xb, r5, &(0x7f00000001c0)=""/9, 0x9)
accept(r3, &(0x7f0000000040)=@in={0x2, 0x0, @empty}, &(0x7f00000000c0)=0x80)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:36 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x6)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x1)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score\x00')

[  614.464054][   T27] audit: type=1804 audit(1589170056.691:156): pid=22557 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/411/cgroup.controllers" dev="sda1" ino=15929 res=1
04:07:36 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980fea009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab300a211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde7f8a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000004000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  614.572185][T22580] FAULT_INJECTION: forcing a failure.
[  614.572185][T22580] name failslab, interval 1, probability 0, space 0, times 0
[  614.634324][T22580] CPU: 0 PID: 22580 Comm: syz-executor.1 Not tainted 5.7.0-rc1-syzkaller #0
[  614.643073][T22580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  614.653127][T22580] Call Trace:
[  614.656436][T22580]  dump_stack+0x11d/0x187
[  614.660863][T22580]  should_fail.cold+0x5/0xf
[  614.665383][T22580]  __should_failslab+0x82/0xb0
[  614.670162][T22580]  should_failslab+0x5/0xf
[  614.674638][T22580]  __kmalloc+0x54/0x640
[  614.678806][T22580]  ? tomoyo_realpath_from_path+0x85/0x3d0
[  614.684539][T22580]  tomoyo_realpath_from_path+0x85/0x3d0
[  614.690202][T22580]  tomoyo_path_number_perm+0xff/0x360
[  614.695577][T22580]  ? _parse_integer+0x12f/0x150
[  614.700519][T22580]  ? __fget_files+0xa2/0x1c0
[  614.705124][T22580]  tomoyo_file_ioctl+0x28/0x40
[  614.709903][T22580]  security_file_ioctl+0x69/0xa0
[  614.714909][T22580]  ksys_ioctl+0x5a/0x150
[  614.719163][T22580]  __x64_sys_ioctl+0x47/0x60
[  614.723757][T22580]  do_syscall_64+0xc7/0x3b0
[  614.728268][T22580]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  614.734156][T22580] RIP: 0033:0x45c829
[  614.738123][T22580] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  614.757734][T22580] RSP: 002b:00007f1367782c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  614.766154][T22580] RAX: ffffffffffffffda RBX: 00000000004e7460 RCX: 000000000045c829
[  614.774132][T22580] RDX: 0000000020000040 RSI: 000000004010ae42 RDI: 0000000000000004
04:07:37 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f000096b000/0x1000)=nil, 0x1000, 0x5, 0x11, r0, 0x43867000)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:37 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100001f00)

[  614.782109][T22580] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[  614.790438][T22580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  614.798410][T22580] R13: 00000000000003a2 R14: 00000000004c61e0 R15: 00007f13677836d4
04:07:37 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000040)={0x4004})
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  614.972107][   T27] audit: type=1804 audit(1589170057.201:157): pid=22601 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/412/cgroup.controllers" dev="sda1" ino=15894 res=1
04:07:37 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40095505, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  615.278582][T22580] ERROR: Out of memory at tomoyo_realpath_from_path.
04:07:39 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d95"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:39 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f802700000000000000000000006800435400000000000000000000000000000000000000000000000000002500020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053456c00000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$SO_J1939_SEND_PRIO(r5, 0x6b, 0x3, &(0x7f0000000040)=0x1, 0x4)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
dup(r6)
syncfs(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x1000006, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x3)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:39 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100002000)

04:07:39 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:39 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x541b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:39 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
syz_open_dev$char_usb(0xc, 0xb4, 0xff)
unlink(&(0x7f0000000040)='./file0\x00')
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  617.640774][   T27] audit: type=1804 audit(1589170059.871:158): pid=22651 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/413/cgroup.controllers" dev="sda1" ino=16129 res=1
04:07:39 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:40 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae68, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:40 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$HIDIOCGRAWNAME(r4, 0x80404804, &(0x7f0000000040))
r5 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
accept4$netrom(r6, &(0x7f0000000080)={{0x3, @netrom}, [@rose, @rose, @rose, @bcast, @bcast, @null, @null, @bcast]}, &(0x7f0000000100)=0x48, 0x80800)

04:07:40 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100002001)

04:07:40 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  618.032824][   T27] audit: type=1804 audit(1589170060.261:159): pid=22679 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/414/cgroup.controllers" dev="sda1" ino=15985 res=1
04:07:42 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d95"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:42 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f000000000000009801000098010000900200009002000090020000900200009002000003000000000000a92a000000000030def1869c000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f80270000000000000000000000680043540000000000000000000000000000000000000000001c0000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000918992fb0053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000100000000000000000000000002800"/900], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
arch_prctl$ARCH_GET_CPUID(0x1011)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:42 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100002800)

04:07:42 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae78, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:42 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5421, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  620.715413][   T27] audit: type=1804 audit(1589170062.952:160): pid=22727 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/415/cgroup.controllers" dev="sda1" ino=16179 res=1
04:07:43 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100003000)

04:07:43 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010aec4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:43 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x3b71, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  621.170139][   T27] audit: type=1804 audit(1589170063.402:161): pid=22747 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/416/cgroup.controllers" dev="sda1" ino=15976 res=1
04:07:43 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100003800)

04:07:43 executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="000000f2ffffff0028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="005042488c23492881ad93efde8b98bd459e7e3a44"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x3}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x81}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr=' \x01\x00'}]}}]}, 0x68}}, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000006c40)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000006c80)=0x14)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
accept4$packet(r2, &(0x7f0000006cc0)={0x11, 0x0, <r3=>0x0}, &(0x7f0000006d00)=0x14, 0x80000)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000007300)={&(0x7f0000003740)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000072c0)={&(0x7f0000006d40)={0x57c, 0x0, 0x300, 0x70bd29, 0x25dfdbfd, {}, [{{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x2e0c000}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x1000}}}]}}, {{0x8}, {0x1ac, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x1ff}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0xfffffffe}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x3ff}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x3ff}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}]}}, {{0x8}, {0x134, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x17}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x80}}}]}}, {{0x8}, {0x1b0, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x10001}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8}}, {0x8, 0x6, r0}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8, 0x6, r3}}}]}}]}, 0x57c}, 0x1, 0x0, 0x0, 0x100}, 0x0)
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r4 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r4, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:43 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4018480c, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  621.621459][   T27] audit: type=1804 audit(1589170063.852:162): pid=22770 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/417/cgroup.controllers" dev="sda1" ino=15927 res=1
04:07:45 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d95"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:45 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NETID(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r6, 0x96f60ba188302d1f, 0x0, 0x0, {{}, {}, {0x68}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_SHOW_PORTS(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r6, 0x200, 0x70bd29, 0x9, {}, ["", ""]}, 0x1c}}, 0x20000000)
r7 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:45 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40186366, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4c00, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:45 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5450, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:45 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100004000)

04:07:46 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r1)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000a51000/0x2000)=nil, 0x2000, 0x5, 0x2010, r0, 0xb65a8000)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x173680, 0x0)
ioctl$SNDRV_TIMER_IOCTL_STOP(r4, 0x54a1)

[  623.837945][   T27] audit: type=1804 audit(1589170066.072:163): pid=22804 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/418/cgroup.controllers" dev="sda1" ino=16000 res=1
04:07:46 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100004001)

04:07:46 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000900)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f0000000000000098010000980100009002000090020000900200900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d80000000000000000001052508500000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffffa8906e1684d01a58c734f1c7aabc5537c7c3dabb909fa4df4e5cb14f0c5fdbab767b141c89f27bfc7e59f147765dfb14eb81d3501d2dd7e3de4fd80eeb8b70c390593cfa0b5396a3773bb3a14705b624eb94164818fa84c8d54b6ae00494de0c6cd52d233f7747e382162776920809b219c8fa59eb21c7724a878f92b956813a1f21ae6b0672d3a5bdea107ec7c56f5a3f13d32f2c00b06c3e121592b4cf6110bc63335053c7e5d3217d78d0d77936a890df88709f396209e9113cda68f070b7df35860bb2f801bd484c0d82080000000000"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r3)
ioctl$sock_inet_SIOCSIFPFLAGS(r3, 0x8934, &(0x7f0000000040)={'ip_vti0\x00', 0x6})
r4 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:46 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:46 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4c01, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:46 executing program 3:
clone(0x78805380, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000040)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\xdb\xa7\xc9\xe1j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc\x11t\x1bY\x81\x16\x03\xa5\xb7D_\xbd3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xa7a\x86\xc4\t\x00\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0\x1c\x9b\xba\xce\xd1\xb6\x89\xb0\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03x\xd7\xeb\xb4\x9dOr\x13\xb4\x98\xcc\xcc\xbb(\xce2\xab\xee\xca\xa4\xf5wWl2\xed_\xce\xad4b\x89\xa1\\+\xf0wwT\xa4\'VL=\xcd\'/qM^\x90\x83\x05\xe61rf\x80p\x11\x84@\x85\xaf\xb3\x8e\xd4\xe5\x03!\r\xf8\xd52\xd5\xe1\xcf\xa0\xb7\x1f\xa3P\x9a\xac\xf38\xf1U\xaegu\xe9\xfc\x1fc`hT\xc8\xde\x0f\xbb\xc6Z\xae39\x00'/396, 0x5)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000940)=ANY=[@ANYBLOB="7261060000000000faff00000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000f6ff00000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffffccf69c5be393a55a277c472d49dec6ce0d36f00205304fce6e3630f0f84baff2eded82ae954eab44a48677e8093c44cd40568a28f872be3972a5be88c7f8cc6c940d44c1817e73568714b9c14ce9565e587399f4adb1dd5855e5075aa7a005b3fb51eec52f68003b8fc151eff10f4ae64a6fc0f0a1c45ed2286d371bf07ffba59dfa36cf3fe807095a98bebfbbe5a5303867b98e396d41e6d9b9dd3c7d1f5db56ae7f64485b0ce860846d668014e066522a61d21577807e9c9d2140c992b2970ba8ce25f233d8d940f3f2af7846f7034d703f6fa543e6df216655992a8045f68a4337dd5d162bf048a0406864135c536eb55840705a54e63843ee32af95c492b"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  624.217496][   T27] audit: type=1804 audit(1589170066.452:164): pid=22842 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/419/cgroup.controllers" dev="sda1" ino=16310 res=1
04:07:46 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:49 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:49 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100004800)

04:07:49 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801b1c990020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800800000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729bcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:49 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4c04, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020ae76, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:49 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5451, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:49 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
clock_settime(0x7, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clock_gettime(0x0, &(0x7f0000000040)={<r3=>0x0, <r4=>0x0})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000140)={0x1f, 0x4, 0x4, 0x0, 0x2, {r3, r4/1000+10000}, {0x1, 0x1, 0x3, 0x0, 0x6c, 0x9, "d2140a38"}, 0x0, 0x1, @fd, 0x4b, 0x0, <r7=>r6})
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x10, r7, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
socket$can_j1939(0x1d, 0x2, 0x7)

04:07:49 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100005000)

04:07:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020aea5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:49 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4c05, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  627.251729][   T27] audit: type=1804 audit(1589170069.483:165): pid=22923 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/421/cgroup.controllers" dev="sda1" ino=16201 res=1
04:07:49 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100005800)

04:07:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  627.656391][   T27] audit: type=1804 audit(1589170069.893:166): pid=22941 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/422/cgroup.controllers" dev="sda1" ino=16201 res=1
04:07:52 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:52 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5404, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:52 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100006000)

04:07:52 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4068aea3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:52 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5452, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  630.116544][   T27] audit: type=1804 audit(1589170072.353:167): pid=22977 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/423/cgroup.controllers" dev="sda1" ino=16020 res=1
04:07:52 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4090ae82, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:52 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100006001)

04:07:52 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x540f, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  630.661840][   T27] audit: type=1804 audit(1589170072.893:168): pid=23005 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/424/cgroup.controllers" dev="sda1" ino=16026 res=1
04:07:53 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x41015500, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:53 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100006800)

04:07:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5416, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  631.092015][   T27] audit: type=1804 audit(1589170073.323:169): pid=23020 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/425/cgroup.controllers" dev="sda1" ino=16011 res=1
04:07:53 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4138ae84, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:55 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:55 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100007000)

04:07:55 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x541b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:55 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x80045626, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:55 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5460, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:55 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
r4 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="28e748c3a139a328cffbe633fcfc4709", @ANYRES16=0x0, @ANYBLOB="02002cbd7000ffdbdf25010000000c00040000000000000000000c00050001000000000000001400078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00080001000000010000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB], 0x88}, 0x1, 0x0, 0x0, 0x4004002}, 0x8000)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0, {[0xb]}}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:55 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000900)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000130000000600000000000000300198010000000000000000000000000000000000000000c000737472696e670000000000000000000000000000000000000000000000010000e6006bf9ffffff0000000000000000200000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff07000000000000000080de05c36312b8750000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff74a6c1f3fa66980b09c084d0d454fe2e3e85c16d079d54adc07c91dec12d54e57e3d5603668c3c5ac5d93a27211999147f40be568c8af4e1b54dd88bdcd39ccbfc04095178fdc688aea85c38b610913e9f8e40faf2ad0ad0ea4989be47394785b3863911a62f04b80334b180405e22c9ca3203a5be5c87707c1992e7ce8a394507b6b24ba7904271b81232eae12bd8bcdd534ef40e9d2771fdbc84d2f5db2358a6c641940ea4c22119cd09d046d94174e9e934e91db012b7c1e70c5456f543990a66f00b68e7c4"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  633.279392][   T27] audit: type=1804 audit(1589170075.513:170): pid=23070 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/426/cgroup.controllers" dev="sda1" ino=16045 res=1
04:07:55 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r2)
socket$vsock_stream(0x28, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r3)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r4)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x101000, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:55 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100007800)

04:07:55 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x8)
connect$x25(r2, &(0x7f0000000040)={0x9, @remote={[], 0x0}}, 0x12)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
dup2(r6, r5)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2000000000000004, &(0x7f0000000000)={<r7=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @private0}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x48)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x0, {0xa, 0x4e21, 0x9, @private2, 0x7}, r7}}, 0x38)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:55 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x80081270, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:55 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5421, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  633.702314][   T27] audit: type=1804 audit(1589170075.933:171): pid=23096 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/427/cgroup.controllers" dev="sda1" ino=15912 res=1
04:07:58 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dc"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:07:58 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x28, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="000000f2ffffff0028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="005042488c23492881ad93efde8b98bd459e7e3a44"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r7, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0x3}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x6, 0x0, 0x81}}, @TCA_RSVP_DST={0x14, 0x2, @mcast1}]}}]}, 0x68}}, 0x0)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x5c, 0x0, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xffffffff}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x9}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x100}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x800}]}, 0x5c}, 0x1, 0x0, 0x0, 0x41}, 0x40)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:58 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000a000)

04:07:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5433, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x80085502, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:58 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5501, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:58 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x1400007, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  636.327571][   T27] audit: type=1804 audit(1589170078.563:172): pid=23150 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/428/cgroup.controllers" dev="sda1" ino=16054 res=1
04:07:58 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000840)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xdab<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13\vA\xaf\x11G\xf8\xf4w\xfcm\xc2\xbb\"\n\xb9\xee\xf5\x8c\x8d\xfe\xd4\xf9\xb7\xd3!\xf1\xb1\xd3\xd1\xb6\xbc2\x01\xbf\xd9\x83/9H?k\x06p\x9bZ\xcc\x84mh\"\x1d\xd92V\xf6\x12\xe0\x90\xccp+\xd4\xc63\x1e]]\xd6t\xd3;\xfd\x9a8\x05\xeb\xb0\x96\xff\xbe\xd7\xa8\xfe\xd9\x00\x00\x00\x00\x00\x00\x00', 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010009000000406d0000000000005c300109022400010000000009040000010301000009210000000122010009058103"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000340)=ANY=[], 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r8)
mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x483, &(0x7f0000000100)={'trans=unix,', {[{@access_uid={'access', 0x3d, r8}}, {@cache_loose='cache=loose'}, {@cache_mmap='cache=mmap'}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@measure='measure'}, {@permit_directio='permit_directio'}, {@smackfsdef={'smackfsdef', 0x3d, 'ppp0!%em1'}}, {@subj_type={'subj_type', 0x3d, 'net/rpc\x00'}}]}})
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:07:58 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000a001)

04:07:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5450, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:07:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x80086301, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  636.686992][   T27] audit: type=1804 audit(1589170078.924:173): pid=23176 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/429/cgroup.controllers" dev="sda1" ino=16048 res=1
[  636.783023][T11111] usb 4-1: new high-speed USB device number 4 using dummy_hcd
04:07:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5451, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  637.052605][T11111] usb 4-1: unable to get BOS descriptor or descriptor too short
[  637.122707][T11111] usb 4-1: unable to read config index 0 descriptor/start: -71
[  637.134757][T11111] usb 4-1: can't read configurations, error -71
04:08:01 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dc"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:01 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000c000)

04:08:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x8008af00, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:01 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_REG(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)}, 0x0)
sendmsg$NL80211_CMD_GET_STATION(r5, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000040)={&(0x7f00000003c0)={0x48, 0x0, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_WME={0x4}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x2f, 0xbe, "01bc8fed55a2ef91349f76bfb8af119c170cdd35918091b9f19f25f7938c10f8aea7d2b8e664ff3a93a3ab"}]}, 0x48}, 0x1, 0x0, 0x0, 0xc004}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x8000, 0x0)
setsockopt$IP_VS_SO_SET_EDIT(r6, 0x0, 0x483, &(0x7f0000000080)={0x3c, @multicast2, 0x4e21, 0x2, 'rr\x00', 0x0, 0x8, 0x54}, 0x2c)

04:08:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5452, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:01 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x5509, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  639.391827][   T27] audit: type=1804 audit(1589170081.624:174): pid=23231 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/430/cgroup.controllers" dev="sda1" ino=16073 res=1
04:08:01 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205649, &(0x7f00000000c0)={0xf000000, 0x0, 0x80000001, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x980911, 0x1, [], @p_u32=&(0x7f0000000040)=0x3}})
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5460, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:01 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000c001)

04:08:01 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000080)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88\xd5\xcdKm\xb4\xe8Y\xe4<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88%\xe9a\xf3&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nV\b^\a\x16\xe8\x03z\xd7\xf6\xb4', 0xb)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
dup(0xffffffffffffffff)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000000040))
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r4)
r5 = dup(r1)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYRES64=r5], 0x1)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x5, 0x8010, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:02 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x81009431, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  639.828591][   T27] audit: type=1804 audit(1589170082.064:175): pid=23263 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/431/cgroup.controllers" dev="sda1" ino=16062 res=1
04:08:02 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
syz_mount_image$afs(&(0x7f0000000040)='afs\x00', &(0x7f0000000080)='./file0\x00', 0x6c, 0xa, &(0x7f0000000ac0)=[{&(0x7f00000000c0)="eb992c63fae0417ae39467a78ffc7b2e6c077f7a210d1aa4f2a7f54d9adf87886e3a286404f074d0159724e2dd21a72fb4c3f84d84", 0x35, 0x3}, {&(0x7f0000000100)="641bee9bb8e00aae9cbe87f26712f689f5afa3ba7c6c4ccdfc3d96e5f38860f154a3f4630e2344e7252cfc", 0x2b, 0x800}, {&(0x7f0000000140)="fb4234206c9317b6675548bd4220c0acc6ab4ac332d7bf4ea8015cb7ff3fe9da9106c7749ce110bec20e960f04adb3082fa67f5fba82557606973173cf105b7e9626ae13f60a9e3be8bc6b1cb7d2b80845bb16e9a8da4690b0bdb1af9e4da711d55b586bbd2e92c909b23cce36e77ac784eabce90fc93d48dad358fcfe444d2547fcf22769ce3171418448984f337f547cbf99807e73616eba0a", 0x9a, 0x8}, {&(0x7f0000000d00)="2f20cb6246d7d2c1a7bde7205978acd0e573a83f2d6d237ddd16b7882e44868fa78ecd29d42f59e3f43204439a45dbfc563fd6292fddca758021c48d9ad2490055ecc6fc91dc707101328c578d4e43690e910030ed7d8a326f3e74e2f8e3ec5d6fb91077e0411525d9ac056d3ccffd9e23b161ed782d29c6af07ca5617665951db4be9965c222f56e4910ade4324c5cb8e027e889807fa1fb6edec0e00c668a4e615ee4cd664bae5dd6cfc52deb73e4679966c2a745178f1e6fa004d7c20b0ed0b55b53c476ee006893f9987ef9aea936bead4fc996a16b49402f1256971e0c2", 0xe0}, {&(0x7f0000000cc0)="1a76231f88bebc0ec76840fcbbf213b81974e7520086e18018f2878b", 0x1c, 0x400}, {&(0x7f0000000880)="96dcf9dd57dc54e554c587", 0xb, 0x845}, {&(0x7f00000008c0)="3a87e825ce375fee0943185c4b8d68a570d1187227746fe4f5e18fcca9962b7e9ab426e4a18fb45d47d92c7ad0bde32db9e6a73e0bbf04d9a8c188d3bcba4be988b30d4a92703228bdd8536980512686d4bd01ecb156ad4abc8a27146c84c0977036fe07f0d102f8da6ce645b31f395b8ae7a71d4f8a424c6e86b982fea132185cffbc1e7dfa837fa7418f0263d58b", 0x8f, 0x4}, {&(0x7f0000000980)="261a83ddc27479b2817a9902ff422bb9ce3aa33d200e29e65b38cf878dfc9517e263413ed971ca2cf05ae086b60d572c244aa3079ed972a18742714a84110489b44be9f22fe33c5235757b3707592dfb7484909f24b98e263b2fdc2f6613cfb412f56685c7b3a8b25435c29a82771dcf3aa098fd2192ddfeabea794951256ea80bb7eb0788668193895bcdd99f49e369f8b77c44150e212556c5fe192888525c9ae1200a82dce2b1ed04f91c2d7e10", 0xaf, 0x7}, {&(0x7f0000000a40)="7f", 0x1, 0x10001}, {&(0x7f0000000a80)="4d48df450698f010f9b554fe92304595", 0x10, 0x800}], 0x60802, &(0x7f0000000200)=ANY=[@ANYBLOB="666c6f636b3d6f70656e6166732c6175746f63656c6c2c61756469742c646f6e745f61707072fdd660752c00a1605dea238e4404a257c0a9f88f2b2660e3b269f8c6d4603a5bc3bbc181b5dfe33d79b6d824332b32d64d3b71871ab07dd7f54da6aead2bd4729d0dc55315f6176968c69dd6870a4952ba2d2ce8d26c7843fe4786"])
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$CAPI_GET_PROFILE(r3, 0xc0404309, &(0x7f0000000c80)=0x1)
r4 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r4, 0xc06c4124, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x1b, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x36, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
socket$netlink(0x10, 0x3, 0x1)

04:08:04 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dc"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:04 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5501, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:04 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000e000)

04:08:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000003166480767983660000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002dd084ea37379d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffffa1a8485b6b773180813fbd1450c023f3693b4c9c2f36dbd91aa2576cfde3b022bb"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x8138ae83, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:04 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x6364, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="726106000000000000000000000000000000000000000000000000900bbe174ea65e26c60000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e670000000000000000000000000000000000000000000000010000f2ff6bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f802700000000000000000000006800435400000000000000000000000000000000000000000b000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000009f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/900], 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
clock_gettime(0x0, &(0x7f0000000180)={<r3=>0x0, <r4=>0x0})
rt_sigtimedwait(&(0x7f00000000c0)={[0x2]}, &(0x7f0000000100), &(0x7f00000001c0)={r3, r4+10000000}, 0x8)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x28, &(0x7f0000000040)={@remote, @private}, &(0x7f0000000080)=0xc)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
mkdirat$cgroup(r3, &(0x7f0000000080)='syz0\x00', 0x1ff)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00')

[  642.479858][   T27] audit: type=1804 audit(1589170084.714:176): pid=23319 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/432/cgroup.controllers" dev="sda1" ino=16091 res=1
04:08:04 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000e001)

04:08:04 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000580)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000023b038280e8c94f0d9778c00000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e853828b865bd7239f20dcbc7c9a63b5f5cf9b0840bace7a91c03000000000000009a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbdefc1dc61f80270000000000000000000000680043540000000000000000006f4c4cf10000000000000000000000000000020000000000000000000000007070747000000000000000000000000073197a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff98494886d09800f800000000000000000000000000000000000000000028007270f5fcd77c27a974d084d320d6af7766696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0716000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff04d646ae80c563a6a8a3d7e27cee8f8ce8654a53109c14d1603ae856508ef44d3b4fc985d4c1246956ad91392aee4de792de3de39dc16a83b4e4f8d36859310141cc6e9916bf57a121c3b40bd6b47a274bf6e84c9ea765373f11ea91206f83f49b37197407ab9061b3b57e3156ff22fa5b3b58831a68f608acf60874759882f7d5f07f9beea049e43220eb91afb6699330f4072d0d8b69cb937115816f0780e4b2042f96edba9cdbf8ec518a2510844243dd1727c7142cea22227d40a3e5ce87a8ae111f3012c0998b585d7ef55e23e2463513288b2fcb4b1d261d4551c70225c7799813152f37860c7e87ba4a9d039af23242b2abdbd0fd3702f312ac9502a340412c59088c261f9325669ab7a34e694650ad6988cf80154ba9ad25e4b8372d2b168c0786049a83f317c8811b5ead33"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000540)={r3, r3, 0x15, 0x4, r3}, 0x14)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
dup(r4)
preadv(r4, &(0x7f0000000480)=[{&(0x7f0000000040)=""/133, 0x85}, {&(0x7f0000000100)=""/139, 0x8b}, {&(0x7f0000000c80)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/143, 0x8f}, {&(0x7f0000000280)=""/106, 0x6a}], 0x5, 0x400)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000500))

04:08:04 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5509, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:05 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff00003f0000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600080455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff1a3977f78eca3cbcba0000000000000000"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x2)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  642.810154][   T27] audit: type=1804 audit(1589170085.044:177): pid=23350 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/433/cgroup.controllers" dev="sda1" ino=16087 res=1
04:08:07 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:07 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000f000)

04:08:07 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = shmget(0xffffffffffffffff, 0x1000, 0xa08, &(0x7f0000ffe000/0x1000)=nil)
stat(&(0x7f0000000300)='./file0/file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
fstat(0xffffffffffffffff, &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={<r6=>0x0, 0x0})
close(r6)
getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000000100)=0xe8)
shmctl$IPC_SET(r3, 0x1, &(0x7f0000000840)={{0x0, r4, r5, r7, r5, 0x0, 0xb}, 0xb8fb, 0xffc, 0x3, 0x8000, 0x0, 0x0, 0x81})
shmat(r3, &(0x7f000096b000/0x4000)=nil, 0x4000)
r8 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan0\x00'})
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:07 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x5601, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:07 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x8912, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:07 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x5)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  645.559358][   T27] audit: type=1804 audit(1589170087.794:178): pid=23393 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/434/cgroup.controllers" dev="sda1" ino=16112 res=1
04:08:08 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000880)=ANY=[@ANYBLOB="6261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000081600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c27000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff02827142c5a079a65003bddf27b0d2401224f89b8faf346315e0a558ba56e21b12f32c1b7b1a24a96ba793ff645d9310118d612f38a74cb679b4bf7d4670b89479d65d8f1dd0559c009368ac616c0d37"], 0x1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f0000000040)={<r6=>0x0, 0x1f}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f00000000c0)={r6, 0xc0, "13d639e3776c7ac4b99e1b9fd80f36435655f951a4969541df1459e98c1da2e9ede19c6ad756a6013d007da257345d16975f0dcdd66392069f5276f266c6f52b1a4c958e2ada7d6789cdf6a76178a054e28e6453ac99ed542534bbfe7d9dbb070b50bba28263b883270d45679fa08336dfea932924182f4b36e7f60053e89c6506a0b8397fc6bced3f73cbfed309162c9a53bf6d21828f51c4be9f2b7a172027917c3a85d06d4d59f83c409ba5a7dd7b4ebb8f3e62533a2895edc9ad2af173eb"}, &(0x7f00000001c0)=0xc8)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = fcntl$dupfd(r7, 0x0, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x300000d, 0x50, r0, 0xd5f2f000)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
ioctl$VFIO_GET_API_VERSION(r5, 0x3b64)

04:08:08 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000ffe0)

04:08:08 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:08 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000180)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000080)={0x9a0000, 0x6, 0x0, <r1=>0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9909e2, 0x7b306e2a, [], @value=0x401}})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = accept$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, &(0x7f0000000140)={r1, r4, 0x8001})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r5)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0xc8000000, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:08 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x6364, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  646.058641][   T27] audit: type=1804 audit(1589170088.294:179): pid=23432 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/435/cgroup.controllers" dev="sda1" ino=16120 res=1
04:08:10 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:10 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r3=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff, 0x0, r3}, 0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000040)={r3, 0x7, 0x10, 0x0, 0x3f}, &(0x7f0000000080)=0x18)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028f6ffffffffffff8e00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bac762b6bc3fb5be7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000060000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002bd79cfd40d4377c0000000000000000000000000000000000000000003971000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff3c47fc3c7bf806fbcb2eea342c4e36e2019a5e798f74ad97dde038e45d4db657653dac3194"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
r6 = gettid()
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000100), &(0x7f0000000140)=0x4)
ptrace$setopts(0x4206, r6, 0x200000, 0x100077)
tkill(r6, 0x3c)
ptrace$cont(0x18, r6, 0x0, 0x0)
ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080))
syz_open_procfs(r6, &(0x7f0000000300)='net/rpc\x00')

04:08:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0085504, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:10 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000fff0)

04:08:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x890b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:10 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x8933, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:10 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$TIOCL_SETVESABLANK(r4, 0x541c, &(0x7f0000000040))
r5 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
recvfrom(r7, &(0x7f0000000080)=""/216, 0xd8, 0x41, &(0x7f0000000180)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0, {[0xfffffffffffffffc]}}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  648.625398][   T27] audit: type=1800 audit(1589170090.865:180): pid=23480 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16135 res=0
[  648.706964][   T27] audit: type=1804 audit(1589170090.895:181): pid=23488 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/436/cgroup.controllers" dev="sda1" ino=16118 res=1
04:08:11 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x1001cc2fa)

04:08:11 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000040)={0x9, 0xb, 0x4, 0x80000, 0x5, {}, {0x2, 0x0, 0x0, 0x3f, 0x81, 0x5, "902b7c8c"}, 0x1acd, 0x2, @offset=0x6, 0x8000, 0x0, <r6=>r0})
write$FUSE_LSEEK(r6, &(0x7f00000000c0)={0x18, 0x0, 0x6, {0x6}}, 0x18)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:11 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x8912, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  648.944614][   T27] audit: type=1804 audit(1589170091.185:182): pid=23501 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/437/cgroup.controllers" dev="sda1" ino=16134 res=1
04:08:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc008ae05, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:11 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r0)
getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0x53, &(0x7f0000000040)={0x8, 0x7, 0x0, 'syz1\x00'}, &(0x7f0000000080)=0x2c)
r1 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000b70000000000000000000000000000000000010200000300000028030000000000008f000000fffffff8980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff070e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00"/900], 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r1, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:13 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:13 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=ANY=[], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
accept$netrom(r4, &(0x7f00000000c0)={{}, [@netrom, @null, @rose, @bcast, @remote, @remote, @netrom, @rose]}, &(0x7f0000000140)=0x48)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$EVIOCSKEYCODE(r3, 0x40084504, &(0x7f0000000080)=[0x158f4a47, 0x1])
r6 = dup(r5)
msgget$private(0x0, 0x4c8)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
unlinkat(r6, &(0x7f0000000040)='./file0\x00', 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

04:08:13 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x1fffff000)

04:08:13 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc008ae67, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:13 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x8914, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:13 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x894b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:14 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x10000c000)

[  651.789854][   T27] audit: type=1804 audit(1589170094.025:183): pid=23565 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/438/cgroup.controllers" dev="sda1" ino=16155 res=1
04:08:14 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x8933, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:14 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x1ffffffe0)

04:08:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc008aeb0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  652.164787][   T27] audit: type=1804 audit(1589170094.405:184): pid=23578 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir529998440/syzkaller.YRmlzs/404/cgroup.controllers" dev="sda1" ino=16159 res=1
[  652.486680][   T27] audit: type=1804 audit(1589170094.725:185): pid=23591 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/439/cgroup.controllers" dev="sda1" ino=16150 res=1
04:08:14 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x89e0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc00caee0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  652.981047][   T27] audit: type=1804 audit(1589170095.215:186): pid=23599 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/439/cgroup.controllers" dev="sda1" ino=16150 res=1
[  654.123936][    T0] NOHZ: local_softirq_pending 08
04:08:16 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77de"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:16 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae01, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:16 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x1fffffff0)

04:08:16 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
clock_settime(0x7, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clock_gettime(0x0, &(0x7f0000000040)={<r3=>0x0, <r4=>0x0})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000140)={0x1f, 0x4, 0x4, 0x0, 0x2, {r3, r4/1000+10000}, {0x1, 0x1, 0x3, 0x0, 0x6c, 0x9, "d2140a38"}, 0x0, 0x1, @fd, 0x4b, 0x0, <r7=>r6})
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x10, r7, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')
socket$can_j1939(0x1d, 0x2, 0x7)

04:08:16 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x8982, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:16 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000340)='systemem0md5sum$\x00\x10^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xc5k\x8f\xfa\xd5\xb1V\x95N\x19\xa8\x94t^\x7f\n\xdb\x14j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\xe0\xfc3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)h\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbcE\x0ehb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xday<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1\x18\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="7261060000000000000000000000000000000000000000000000000000000000010200000300000028030000000000008f00000000000000980100009801000090020000900200009002000090020000900200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d800000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006bf9ffffff0000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde838936ebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ffcfc1dc61f8027000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  654.860316][   T27] audit: type=1804 audit(1589170097.095:187): pid=23647 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/440/cgroup.controllers" dev="sda1" ino=16169 res=1
04:08:17 executing program 3 (fault-call:3 fault-nth:0):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  655.129055][T23668] FAULT_INJECTION: forcing a failure.
[  655.129055][T23668] name failslab, interval 1, probability 0, space 0, times 0
[  655.175907][T23668] CPU: 1 PID: 23668 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  655.184619][T23668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  655.194777][T23668] Call Trace:
[  655.198108][T23668]  dump_stack+0x11d/0x187
[  655.202821][T23668]  should_fail.cold+0x5/0xf
[  655.207450][T23668]  __should_failslab+0x82/0xb0
[  655.212232][T23668]  should_failslab+0x5/0xf
[  655.216819][T23668]  __kmalloc_track_caller+0x4c/0x640
[  655.222341][T23668]  ? __do_sys_bpf+0x28cf/0x3100
[  655.229917][T23668]  ? __fget_light+0xc0/0x1a0
[  655.234521][T23668]  memdup_user+0x2c/0xc0
[  655.238911][T23668]  __do_sys_bpf+0x28cf/0x3100
[  655.243759][T23668]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  655.249786][T23668]  ? __this_cpu_preempt_check+0x3c/0x130
[  655.255449][T23668]  ? __sb_end_write+0x70/0x120
[  655.260234][T23668]  __x64_sys_bpf+0x47/0x60
[  655.264696][T23668]  do_syscall_64+0xc7/0x3b0
[  655.269287][T23668]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  655.275187][T23668] RIP: 0033:0x45c829
[  655.279291][T23668] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  655.299137][T23668] RSP: 002b:00007f756e297c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  655.307565][T23668] RAX: ffffffffffffffda RBX: 00000000004da360 RCX: 000000000045c829
[  655.315667][T23668] RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002
04:08:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae03, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:17 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x10, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

[  655.323650][T23668] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  655.331627][T23668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  655.339611][T23668] R13: 000000000000005e R14: 00000000004c2fd3 R15: 00007f756e2986d4
04:08:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  656.119080][   T27] audit: type=1804 audit(1589170098.355:188): pid=23690 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/441/cgroup.controllers" dev="sda1" ino=16174 res=1
[  656.199390][   T27] audit: type=1804 audit(1589170098.436:189): pid=23690 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/441/cgroup.controllers" dev="sda1" ino=16174 res=1
[  656.272972][   T27] audit: type=1800 audit(1589170098.466:190): pid=23681 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="cgroup.controllers" dev="sda1" ino=16174 res=0
[  656.297844][   T27] audit: type=1800 audit(1589170098.466:191): pid=23690 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="cgroup.controllers" dev="sda1" ino=16174 res=0
04:08:20 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77de"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:20 executing program 3 (fault-call:3 fault-nth:1):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:20 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae41, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:20 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x10200, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r3, 0x29, 0x45, &(0x7f0000000140)={'IDLETIMER\x00'}, &(0x7f0000000180)=0x1e)
sendfile(r2, r1, 0x0, 0x100000002)

04:08:20 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x89f1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  657.872631][T23719] FAULT_INJECTION: forcing a failure.
[  657.872631][T23719] name failslab, interval 1, probability 0, space 0, times 0
[  657.928914][T23719] CPU: 0 PID: 23719 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  657.937652][T23719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  657.947707][T23719] Call Trace:
[  657.951029][T23719]  dump_stack+0x11d/0x187
[  657.955374][T23719]  should_fail.cold+0x5/0xf
[  657.959951][T23719]  __should_failslab+0x82/0xb0
[  657.964726][T23719]  should_failslab+0x5/0xf
[  657.969150][T23719]  __kmalloc+0x54/0x640
[  657.973310][T23719]  ? __do_sys_bpf+0x145f/0x3100
[  657.978170][T23719]  ? _copy_from_user+0xb3/0xf0
[  657.982941][T23719]  __do_sys_bpf+0x145f/0x3100
[  657.987625][T23719]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  657.993520][T23719]  ? __this_cpu_preempt_check+0x3c/0x130
[  657.999154][T23719]  ? __sb_end_write+0x70/0x120
[  658.003931][T23719]  __x64_sys_bpf+0x47/0x60
[  658.008410][T23719]  do_syscall_64+0xc7/0x3b0
[  658.009068][   T27] audit: type=1804 audit(1589170100.246:192): pid=23730 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/442/cgroup.controllers" dev="sda1" ino=16234 res=1
[  658.012919][T23719]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  658.012933][T23719] RIP: 0033:0x45c829
[  658.012955][T23719] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  658.012976][T23719] RSP: 002b:00007f756e297c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  658.075129][T23719] RAX: ffffffffffffffda RBX: 00000000004da360 RCX: 000000000045c829
[  658.083100][T23719] RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002
[  658.091079][T23719] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  658.099057][T23719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  658.107029][T23719] R13: 000000000000005e R14: 00000000004c2fd3 R15: 00007f756e2986d4
04:08:20 executing program 3 (fault-call:3 fault-nth:2):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x2, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  658.338404][T23741] FAULT_INJECTION: forcing a failure.
[  658.338404][T23741] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  658.351736][T23741] CPU: 1 PID: 23741 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  658.360465][T23741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  658.370517][T23741] Call Trace:
[  658.373816][T23741]  dump_stack+0x11d/0x187
[  658.378198][T23741]  should_fail.cold+0x5/0xf
[  658.382715][T23741]  __alloc_pages_nodemask+0xcf/0x300
[  658.388024][T23741]  cache_grow_begin+0x74/0x560
[  658.392830][T23741]  ? cache_alloc_pfmemalloc+0x1e/0x140
[  658.398326][T23741]  __kmalloc+0x561/0x640
[  658.402574][T23741]  ? __do_sys_bpf+0x145f/0x3100
[  658.407429][T23741]  __do_sys_bpf+0x145f/0x3100
[  658.412115][T23741]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  658.418018][T23741]  ? __this_cpu_preempt_check+0x3c/0x130
[  658.427736][T23741]  ? __sb_end_write+0x70/0x120
[  658.432514][T23741]  __x64_sys_bpf+0x47/0x60
[  658.436937][T23741]  do_syscall_64+0xc7/0x3b0
[  658.441472][T23741]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  658.447377][T23741] RIP: 0033:0x45c829
[  658.451274][T23741] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  658.470879][T23741] RSP: 002b:00007f756e297c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  658.479293][T23741] RAX: ffffffffffffffda RBX: 00000000004da360 RCX: 000000000045c829
04:08:20 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xae80, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  658.487261][T23741] RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002
[  658.495257][T23741] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  658.503304][T23741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  658.511372][T23741] R13: 000000000000005e R14: 00000000004c2fd3 R15: 00007f756e2986d4
04:08:20 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00')
sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x2c, r6, 0x1, 0x0, 0x0, {0xb}, [@TIPC_NLA_MEDIA={0x18}]}, 0x2c}}, 0x0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r4, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0x128, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffff8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x24ef}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xac3b}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK={0x40, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x91}]}, @TIPC_NLA_LINK={0x60, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x21e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x20000800)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f0000000200)=""/237, &(0x7f00000000c0)=0xed)
mmap(&(0x7f00000cd000/0x4000)=nil, 0x4000, 0x1, 0x100010, r0, 0x12c6a000)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r8, r7, 0x0, 0x100000002)

04:08:20 executing program 3 (fault-call:3 fault-nth:3):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  658.719880][T23760] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  658.776127][T23761] FAULT_INJECTION: forcing a failure.
[  658.776127][T23761] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  658.789350][T23761] CPU: 1 PID: 23761 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  658.798018][T23761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  658.808440][T23761] Call Trace:
[  658.811745][T23761]  dump_stack+0x11d/0x187
[  658.816090][T23761]  should_fail.cold+0x5/0xf
[  658.820610][T23761]  __alloc_pages_nodemask+0xcf/0x300
[  658.825910][T23761]  cache_grow_begin+0x74/0x560
[  658.830679][T23761]  ____cache_alloc_node+0x160/0x1b0
[  658.835878][T23761]  __kmalloc+0x19a/0x640
[  658.840125][T23761]  ? __do_sys_bpf+0x145f/0x3100
[  658.845059][T23761]  __do_sys_bpf+0x145f/0x3100
[  658.849747][T23761]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  658.855644][T23761]  ? __this_cpu_preempt_check+0x3c/0x130
[  658.861294][T23761]  ? __sb_end_write+0x70/0x120
[  658.866115][T23761]  __x64_sys_bpf+0x47/0x60
[  658.870547][T23761]  do_syscall_64+0xc7/0x3b0
[  658.875057][T23761]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  658.880947][T23761] RIP: 0033:0x45c829
[  658.884956][T23761] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  658.904562][T23761] RSP: 002b:00007f756e297c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  658.912985][T23761] RAX: ffffffffffffffda RBX: 00000000004da360 RCX: 000000000045c829
04:08:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x400454ca, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  658.920955][T23761] RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002
[  658.928958][T23761] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  658.936931][T23761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  658.944903][T23761] R13: 000000000000005e R14: 00000000004c2fd3 R15: 00007f756e2986d4
[  659.351661][   T27] audit: type=1804 audit(1589170101.596:193): pid=23764 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/443/cgroup.controllers" dev="sda1" ino=16234 res=1
[  659.402923][T23760] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  659.443141][   T27] audit: type=1804 audit(1589170101.656:194): pid=23782 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/443/cgroup.controllers" dev="sda1" ino=16234 res=1
[  659.506548][   T27] audit: type=1800 audit(1589170101.716:195): pid=23757 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="cgroup.controllers" dev="sda1" ino=16234 res=0
[  659.531810][   T27] audit: type=1800 audit(1589170101.716:196): pid=23782 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="cgroup.controllers" dev="sda1" ino=16234 res=0
04:08:23 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:23 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77de"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:23 executing program 3 (fault-call:3 fault-nth:4):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x400454d4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:23 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0xae01, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:23 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clock_gettime(0x0, &(0x7f0000000340)={<r3=>0x0, <r4=>0x0})
ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f00000003c0)={0x6, 0xc, 0x4, 0x0, 0x20000000, {r3, r4/1000+60000}, {0x1, 0x1e, 0x4, 0x0, 0x3f, 0x0, "231502e7"}, 0x5, 0x1, @planes=&(0x7f0000000380)={0x6, 0x3, @userptr=0x7f, 0x6}, 0x2, 0x0, <r5=>r0})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
write$binfmt_script(r5, &(0x7f0000000180)=ANY=[@ANYRESHEX=r7, @ANYRESHEX=r0], 0x208e24b)
r8 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x3, 0xa8100)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r8, 0xc0884113, &(0x7f0000000440)={0x0, 0x3, 0x1fd, 0x8e7e, 0x0, 0xfff, 0xfffffffffffff6aa, 0x3, 0x7, 0x3fe, 0xfffffff9})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000070603000000000000000000000071960500010007000000"], 0x17}, 0x1, 0x0, 0x0, 0x90}, 0x1)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f00000000c0)=0x8000, 0x4)
sendfile(r10, r9, 0x0, 0x100000002)

[  661.116089][T23800] FAULT_INJECTION: forcing a failure.
[  661.116089][T23800] name fail_page_alloc, interval 1, probability 0, space 0, times 0
04:08:23 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r1 = dup2(r0, r0)
accept4$alg(r1, 0x0, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000200)={0x3, 0xc7, "3e7952f542c08fd3164c6d2cf845ac885171459cb031d3c8efc779cc4e531ec58d72a071bcfac80b311ec26225b7a592ddcf39638431337bec3497cb721583c69e5d0900ce5c5430cfcd289e1c01e18f9ab2cac2a6bbb60ad91beecb0714463f9e91de699f4a6368086bfbd19cdad9e8b8cc1b1efdf6000d3455d13ca947f6882f444700523586294549772392a533773f2fd7a77c27462f277974788c6ed9741718e4ec85dfb238ca7ea9ffc7e577b05892009d7d6cd66b0d358c37d672327edd1bdaf29d8815"})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000180)=ANY=[], 0x208e24b)
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000140)={0x0, 0x9, 0x40, &(0x7f00000000c0)=0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x3}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x81}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr=' \x01\x00'}]}}]}, 0x68}}, 0x0)
r6 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r7=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r7)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@mcast2, @in6=@mcast2, 0x4e20, 0x0, 0x4e24, 0x0, 0x2, 0x80, 0xc0, 0x6, 0x0, r7}, {0x1, 0x8, 0xff, 0x3, 0x2, 0x81, 0x1000, 0x4}, {0x5, 0x9, 0x4}, 0x80000000, 0x6e6bbc, 0x0, 0x0, 0x2, 0x1}, {{@in=@remote, 0x4d4, 0x32}, 0x2, @in=@loopback, 0x0, 0x0, 0x1, 0x8b, 0x3ff, 0x5, 0x100}}, 0xe8)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007060300000000000091cb4becd9a1d00000000000000005"], 0x1c}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r8, r5, 0x0, 0x100000002)

[  661.185411][T23800] CPU: 1 PID: 23800 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  661.194162][T23800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  661.204650][T23800] Call Trace:
[  661.207947][T23800]  dump_stack+0x11d/0x187
[  661.212327][T23800]  should_fail.cold+0x5/0xf
[  661.216891][T23800]  __alloc_pages_nodemask+0xcf/0x300
[  661.222207][T23800]  alloc_pages_current+0xca/0x170
[  661.227335][T23800]  pte_alloc_one+0x14/0x50
04:08:23 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(0x0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  661.231756][T23800]  __handle_mm_fault+0x2d17/0x2da0
[  661.236880][T23800]  ? apic_timer_interrupt+0xa/0x20
[  661.242549][T23800]  handle_mm_fault+0x21c/0x540
[  661.247322][T23800]  do_page_fault+0x48a/0xa96
[  661.251913][T23800]  page_fault+0x34/0x40
[  661.256079][T23800] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30
[  661.262667][T23800] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3> a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4
[  661.283411][T23800] RSP: 0018:ffffc90003f6bda8 EFLAGS: 00010202
[  661.289481][T23800] RAX: ffff88809de1fa98 RBX: 0000000000743000 RCX: 000000000014ce20
[  661.297447][T23800] RDX: 0000000000209e20 RSI: 0000000000800000 RDI: ffff8881e14bd000
[  661.305433][T23800] RBP: 0000000000209e20 R08: 0000000000000000 R09: 000088809de1fc10
[  661.313407][T23800] R10: 0000ffffffffffff R11: 000088809de1fc17 R12: ffff8881e1400000
[  661.321376][T23800] R13: 000000000094ce20 R14: 00007ffffffff000 R15: 0000000000000000
[  661.329404][T23800]  _copy_from_user+0x92/0xf0
[  661.334020][T23800]  __do_sys_bpf+0x14b3/0x3100
[  661.338719][T23800]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  661.344611][T23800]  ? __this_cpu_preempt_check+0x3c/0x130
[  661.350242][T23800]  ? __sb_end_write+0x70/0x120
[  661.355049][T23800]  __x64_sys_bpf+0x47/0x60
[  661.359548][T23800]  do_syscall_64+0xc7/0x3b0
[  661.364061][T23800]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  661.369946][T23800] RIP: 0033:0x45c829
[  661.371843][   T27] audit: type=1804 audit(1589170103.426:197): pid=23817 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/445/cgroup.controllers" dev="sda1" ino=16205 res=1
[  661.373850][T23800] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  661.373948][T23800] RSP: 002b:00007f756e297c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  661.426141][T23800] RAX: ffffffffffffffda RBX: 00000000004da360 RCX: 000000000045c829
04:08:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40045506, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  661.434156][T23800] RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002
[  661.442131][T23800] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  661.450106][T23800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  661.458079][T23800] R13: 000000000000005e R14: 00000000004c2fd3 R15: 00007f756e2986d4
04:08:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4004550a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:23 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:23 executing program 3 (fault-call:3 fault-nth:5):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:24 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40049409, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:24 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:24 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f00000000c0)=0x81, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r4, r1, 0x0, 0x100000002)

04:08:24 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x5, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:24 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x3, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  662.295655][   T27] audit: type=1804 audit(1589170104.536:198): pid=23859 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/446/cgroup.controllers" dev="sda1" ino=16208 res=1
04:08:25 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0xae03, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40085503, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:26 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(0x0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:26 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000070603000000000000050000000000000000010007000000"], 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x200002, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x58, 0xe, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0xd4}, 0x800)
sendfile(r2, r1, 0x0, 0x100000002)

04:08:26 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x4, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:26 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x6, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:26 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4008ae61, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  664.434408][   T27] audit: type=1804 audit(1589170106.676:199): pid=23923 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/447/cgroup.controllers" dev="sda1" ino=16208 res=1
04:08:26 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x5, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:26 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x7, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:26 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4008ae6a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:27 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x6, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:27 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)
getresgid(&(0x7f00000000c0), &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000180))
ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, r3)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/fscreate\x00')
getresgid(&(0x7f00000000c0), &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000180))
ioctl$TUNSETGROUP(r4, 0x400454ce, r5)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/fscreate\x00')
getresgid(&(0x7f00000000c0), &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000180))
ioctl$TUNSETGROUP(r6, 0x400454ce, r7)
r8 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/fscreate\x00')
getresgid(&(0x7f00000000c0), &(0x7f0000000100)=<r9=>0x0, &(0x7f0000000180))
ioctl$TUNSETGROUP(r8, 0x400454ce, r9)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000380)={{}, {0x1, 0x1}, [{0x2, 0x3}, {0x2, 0x2}, {0x2, 0x1}, {0x2, 0x1}], {0x4, 0x3}, [{0x8, 0x1}, {0x8, 0x5}, {0x8, 0x0, 0xee01}, {0x8, 0x2}, {0x8, 0x3}, {0x8, 0x6}, {0x8, 0x1, r3}, {0x8, 0x6, r5}, {0x8, 0x3, r7}, {0x8, 0x0, r9}], {0x10, 0x5}, {0x20, 0x2}}, 0x94, 0x2)
syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x4, 0x1)

04:08:27 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0xae41, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:27 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x40010, r0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x298440, 0x0)
ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000706030000000029d4000000000000000500010007000000"], 0x1c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r2, 0x0, 0x100000002)

[  665.954655][   T27] audit: type=1804 audit(1589170108.186:200): pid=23973 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/449/cgroup.controllers" dev="sda1" ino=16201 res=1
[  666.002067][   T27] audit: type=1804 audit(1589170108.236:201): pid=23973 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/449/cgroup.controllers" dev="sda1" ino=16201 res=1
[  666.041347][   T27] audit: type=1800 audit(1589170108.266:202): pid=23970 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="cgroup.controllers" dev="sda1" ino=16201 res=0
[  666.075406][   T27] audit: type=1800 audit(1589170108.286:203): pid=23973 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="cgroup.controllers" dev="sda1" ino=16201 res=0
04:08:29 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4008ae90, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:29 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x7, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:29 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0xae80, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:29 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$IPSET_CMD_RENAME(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x5, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0xa1)
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000240))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[], 0x1c}}, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r4, r3, 0x0, 0x100000002)

04:08:29 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(0x0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:29 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x8, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:29 executing program 2:
modify_ldt$read(0x0, &(0x7f0000000200)=""/160, 0xa0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:08:30 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x9, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:30 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40095505, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  667.782557][   T27] audit: type=1804 audit(1589170110.027:204): pid=24024 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/451/cgroup.controllers" dev="sda1" ino=16113 res=1
04:08:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x1fc, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  667.962026][   T27] audit: type=1804 audit(1589170110.207:205): pid=24027 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/451/cgroup.controllers" dev="sda1" ino=16113 res=1
04:08:30 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0xa, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:30 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r4, r3, 0x0, 0x100000002)

04:08:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x300, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  668.260140][   T27] audit: type=1804 audit(1589170110.507:206): pid=24047 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/452/cgroup.controllers" dev="sda1" ino=16098 res=1
04:08:32 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:32 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:32 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0xb, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:32 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000000c0)={0x46, 0xf4, 0x8, 0x58, 0x2, 0x1f, 0x40, 0x79f, <r4=>0x0}, &(0x7f0000000140)=0x20)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000180)={r4, 0xb1, 0x8}, &(0x7f0000000200)=0x8)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

04:08:32 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x500, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:32 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0xae9a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  670.650653][   T27] audit: type=1804 audit(1589170112.897:207): pid=24087 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/453/cgroup.controllers" dev="sda1" ino=16036 res=1
04:08:33 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x7, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xffffff01}]}, 0x24}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:08:33 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0xc, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x600, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:33 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae68, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:33 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0xd, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  670.962039][   T27] audit: type=1804 audit(1589170113.207:208): pid=24108 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/454/cgroup.controllers" dev="sda1" ino=16218 res=1
04:08:33 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0xe, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x700, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:35 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000180)={0xfffffff, 0x10001, 0x9, <r1=>r0, 0x0, &(0x7f0000000140)={0x9b0970, 0x4, [], @p_u32=&(0x7f00000000c0)=0x5}})
write$vhci(r1, &(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r2, 0x0, 0x100000002)

04:08:35 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:35 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x40186366, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:35 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0xf, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:35 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x400454ca, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:36 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x10, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  673.821681][   T27] audit: type=1804 audit(1589170116.067:209): pid=24169 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/455/cgroup.controllers" dev="sda1" ino=16188 res=1
04:08:36 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x401870c8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:36 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
getpeername$ax25(r0, &(0x7f0000000140)={{0x3, @netrom}, [@rose, @remote, @null, @null, @rose, @netrom, @netrom, @default]}, &(0x7f00000000c0)=0x48)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000070603000000000000000000dd1f1a18e7a18f50dcbf15f300000000050017d46db20000b49307d58700832c79c1b41f054b3e8feda545be0836622913d3977960e7817630648346c88d71f3c4cbec36cb9a6274bb56e7f070157dad13cb8b25d53c66820e2f0a0abba6dbb6117eb71dedb123e743a85b1ca2a59774b03a1de1b882deb9a00e8092ebd5cb5db12a76d290db83605b2dca24246f869f7fc7e5c64a004ea369fa2f465b6269af"], 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x100080, 0x0)
r4 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x4, 0x40002)
ioctl$DRM_IOCTL_GET_STATS(r4, 0x80f86406, &(0x7f0000000440)=""/19)
sendmsg$NFNL_MSG_CTHELPER_GET(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x44000004}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x7c, 0x1, 0x9, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x17}, @NFCTH_STATUS={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x8}}, @NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_STATUS={0x8}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x6}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7fffffff}}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20048000}, 0x10)
sendfile(r2, r1, 0x0, 0x100000002)

04:08:36 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x2000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:36 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x11, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  674.252966][   T27] audit: type=1804 audit(1589170116.497:210): pid=24194 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/456/cgroup.controllers" dev="sda1" ino=16312 res=1
04:08:36 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x12, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:36 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020565a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clock_gettime(0x0, &(0x7f00000000c0)={<r2=>0x0, <r3=>0x0})
ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000240)={0x2, 0xc, 0x4, 0x2000, 0x7ff, {r2, r3/1000+10000}, {0x2, 0xc, 0xf0, 0x2, 0x20, 0x0, "989f7357"}, 0xd6a, 0x3, @planes=&(0x7f0000000200)={0x4a19, 0x318, @userptr=0xc5, 0x16}, 0x3f6b, 0x0, <r4=>0xffffffffffffffff})
io_submit(0x0, 0x1, &(0x7f0000000300)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x1, 0xffffffffffffffff, &(0x7f0000000140)="e95d74c0567fae2fad5d119a4984ff8a0ff953acb422637960a63e9bf6059962d393eeea92819dc2c6ea4c5c8f6e319b9c2ec15e6c888c3592e1ea88668c4965776ddb636d03f9ddf5ba614caab1c2c4bac8188991633fcc7339983a421e7f14909fb569b1a2197c13de8258abba75c5fbd5c0181d8f8683ccb030c4fd40", 0x7e, 0x8d79, 0x0, 0x1, r4}])
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000070603000000000000001300000000400500010007000000"], 0x1c}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r7, r6, 0x0, 0x100000002)

[  674.699010][   T27] audit: type=1804 audit(1589170116.937:211): pid=24217 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/457/cgroup.controllers" dev="sda1" ino=16205 res=1
04:08:38 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:38 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x13, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x4000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:38 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:38 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r1)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000140)={0xf000000, 0x10002, 0x0, r1, 0x0, &(0x7f00000000c0)={0x9909df, 0x101, [], @p_u16=&(0x7f0000000180)=0x401}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r2, 0x0, 0x100000002)

04:08:38 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x400454ce, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  676.876805][   T27] audit: type=1804 audit(1589170119.117:212): pid=24248 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/458/cgroup.controllers" dev="sda1" ino=16192 res=1
04:08:39 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x14, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xfc01, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:39 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x14, 0x7, 0x6, 0x3}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x802}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="10002cbd7000fbdbdf251300000014000680080001000800000004000200040002003c000280080001000100000008000100840300000c0003800800010000020000080001000100000008000100060000000400040008000100060000001c0003800800030001000100080001004c00000008000100070000002c00038008000300db06000008000300ff00000008000100080000000800030006000000080003000100000048000780080002000400000008000100f10000000c00030002000000000000000c00040004000000000000000c000300e50000000000000008000100050000000800010009000000"], 0xf4}, 0x1, 0x0, 0x0, 0x810}, 0x4000040)

04:08:39 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:39 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x15, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  677.314853][   T27] audit: type=1804 audit(1589170119.557:213): pid=24273 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/459/cgroup.controllers" dev="sda1" ino=16190 res=1
04:08:39 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$cgroup_ro(r2, &(0x7f0000000000)='cpuacct.usage_sys\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1a0000000706030000e3f703fa65a63947cf33350903000000000000000000000005000100070000002de4caf46bede99d6f85a817de0a338a5b73d4006c99bd70f6e8100d5452bc87b44c0b1dff61d86e7fb5948793daddf954b8e7fe6b38ab5c790587276b80aff5"], 0x1c}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r4, r3, 0x0, 0x100000002)

04:08:42 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:42 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x16, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:42 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020ae76, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:42 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r4 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r5=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r5)
syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x7, &(0x7f0000000680)=[{&(0x7f0000000200)="b90d05f98f28116d93028e92d00136a2d213f8e6a122eff5f8e6c1f061965d0dd306c48e2a53344a9b73809d7ad058acbc202348dd9bf186becacf87490099054d0db3ec9beceb5f8b9a2f15fe126476a96b12f49b23fedf5d4f45de160b2241dbae7ab80edb4cb8ba61828787f411873d9fc9a4daee7d0a23ce816124253238226a61607ba5f59c194a390f0c5455dc9c674815db75101a3ef84e37e2be3d603b7ac0fa9839927fd84c3fdd787d899c891a7ff5324440786a98359a7581dd2e438da3d703ff6a8c98a3b060514f144472b543437ed534e72cddd1d7", 0xdc}, {&(0x7f0000000300)="4f3ce6ec4cc177690851258bccccaddf872b738f677af6132c308ecb2baace7bd6a775987baa1d4b4ca1dfc3cb4ad01789e64d7ec3f15850731c459519d84dd5e1cb51a7fbac4d61966a60adb136646a260fabf874a34814e214e577044cac37e1c7d60fbcc404d2b308e561c0c04fd7b7f771b104501bd3df58c71b1cf99896526154a13b7c17ee6a2e23da656cf8151e4de4da08a9a9ce717f319333b81acd18d1a8d66767cc84125fac04132f34bbae051f2fb43710ca65c903a186d5e6ebe3504e36330207d683389b10f2c4713dc4e8fc0ba7b2e9244a2809099d957f9dd9d906d47307de35f43fd5e5e8f91008", 0xf0, 0x642f3ed}, {&(0x7f0000000400)="6aac9814335db2efde2e9b3c9f1650c3158c1578e4e7ebc67873a89ac932ff6f91f016bf303809cd649b2709f084909c589a7456bcb3159e6613d6dff02ca694f852bae1dabf10b9cd604cdd51c7c49ffb8ee5132239a3a96ceeb3600b50d1647e864d3136f42df7c4b866e124901829742b0baeccab51e08e8517bd66ca53eac21bcec64867df09de4506deada3e08e69ee30f17f3775514a99223e0850018c31", 0xa1, 0x3ff}, {&(0x7f00000004c0)="7c29464941d8dd5054db63abb3c22e95323654ce13f8b15220e321579bf07fbb4e6625c8782d794af2e7da87074e2e938348e5ed8e5addeba13f294ba034b5c5093471ac3f3990473c5e2378c85711f74288405919720e08535a7184d5a10570c044e994a9977d0613e02a0fd2c20a1d27e97381d48e", 0x76, 0x5}, {&(0x7f0000000180)="7e4651bfe77842b0880c1b0b95b5627c4a46ce345ca465066ecb9b28172dc0b3", 0x20, 0x7}, {&(0x7f0000000540)="7bbad86a08fe24599544a1f93e1db458df60f86958d5635e208ff52d661c685c765d314a332db86268bd5e3eae7a0e541fe3551ff986847321e95c39a2630a08aa16", 0x42, 0x1}, {&(0x7f00000005c0)="5ecdd09d5751cae976a8423b06d34b891c4df7e684d472b0af3d6711d65895ec69f6d1be910b5b2fb9dd2afc8bbd2a82c37ff39905ea5cb375b972a1f79a19c94df5cfd622457e90934a73e3883a3cdca88aaaab71b2141068c049e3b75d77307a3d5e6ed7a6f1ddd36d49620a76f5209fbf78c4c79b9f051e863e3c0e0976a404563c818baab2974a1e53ecffc47a5e08f60c24fe6dab1de580e8c2449a5b792c26f83be332a04bb925a19aa96f8f6951be4eac", 0xb4, 0x1}], 0x340c42, &(0x7f0000000740)={[{@fat=@uid={'uid', 0x3d, r5}}, {@nodots='nodots'}]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r6, r3, 0x0, 0x100000002)

04:08:42 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x40045506, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xff00, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:42 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x17, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:42 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="000000f2ffffff0028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="005042488c23492881ad93efde8b98bd459e7e3a44"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0x3}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x81}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr=' \x01\x00'}]}}]}, 0x68}}, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000280)={@remote, @local, r8}, 0xc)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x68, 0x3, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008000)
sendfile(r2, r1, 0x0, 0x100000002)

04:08:42 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4020aea5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x200000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  680.347912][   T27] audit: type=1804 audit(1589170122.578:214): pid=24345 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/462/cgroup.controllers" dev="sda1" ino=16312 res=1
04:08:42 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x18, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:42 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)
getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f00000000c0), &(0x7f0000000140)=0x4)

[  680.667749][   T27] audit: type=1804 audit(1589170122.898:215): pid=24366 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/463/cgroup.controllers" dev="sda1" ino=16184 res=1
04:08:45 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:45 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x19, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:45 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x80ffff, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:45 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000706030025fe000800000000fa0819d600010009000000"], 0x1c}}, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockname$packet(r3, &(0x7f00000000c0), &(0x7f0000000140)=0x14)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r4, r1, 0x0, 0x100000002)

04:08:45 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4004550a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  683.032473][   T27] audit: type=1804 audit(1589170125.268:216): pid=24401 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/464/cgroup.controllers" dev="sda1" ino=16194 res=1
[  683.069057][T24401] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
04:08:45 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x1a, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4068aea3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:45 executing program 2:
r0 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000140)={0x1, 0x4, 0xe0, 0x4000})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x80, 0x0)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0xffffffffffffffa7, 0x7, 0x6, 0xa03}, 0x1c}, 0x1, 0x0, 0x0, 0x854}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r4, r2, 0x0, 0x100000002)

04:08:45 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x1000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:45 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x1b, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  683.515178][   T27] audit: type=1804 audit(1589170125.748:217): pid=24426 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/465/cgroup.controllers" dev="sda1" ino=16234 res=1
04:08:45 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x1c, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:48 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x2000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:48 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4090ae82, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:48 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
setsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x8, &(0x7f0000000140)=0x8, 0x4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r5=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff, 0x0, r5}, 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={r5, @in6={{0xa, 0x4e20, 0x3, @local, 0xac}}, 0x400, 0x9, 0x0, 0xe024, 0x4, 0x8000, 0x7f}, 0x9c)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x14, 0x7, 0x6, 0x3}, 0x14}}, 0x20000091)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r6, r1, 0x0, 0x100000002)
r7 = msgget$private(0x0, 0x0)
msgctl$IPC_RMID(r7, 0x0)
msgsnd(r7, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000000078547d4d33b8770c00fa0f55b87f5e3b786f823e4b1662b15628d8ccdf34888717757987d67ce7c39143f460bd32907bce3f000000000000001316e666e21dea1ec8a2941fa77d417d1181bfc7a8"], 0x56, 0x800)

04:08:48 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x1d, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:48 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x40047452, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  686.094758][   T27] audit: type=1804 audit(1589170128.328:218): pid=24467 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/466/cgroup.controllers" dev="sda1" ino=16209 res=1
04:08:48 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0xffffffffffffffff, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  686.182097][   T27] audit: type=1800 audit(1589170128.358:219): pid=24467 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16179 res=0
04:08:48 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001106040000000000000000000000a6000500010007000000"], 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:08:48 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x41015500, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x3000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:48 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x2, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  686.514882][   T27] audit: type=1804 audit(1589170128.748:220): pid=24496 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/467/cgroup.controllers" dev="sda1" ino=16263 res=1
04:08:48 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4138ae84, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:51 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:51 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x4, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:51 executing program 2:
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dri/renderD128\x00', 0xa0100, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r1, 0x0, 0x0)
r2 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r3)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f00000002c0)={0x9, 0x9, {r1}, {r3}, 0x3, 0xfffffffffffffff9})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00')
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x28, r5, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x8}, @NL80211_ATTR_BSSID={0xa, 0xf5, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x40044}, 0x20000000)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r7, r6, 0x0, 0x100000002)

04:08:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:51 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x800454e0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:51 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x40049409, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:51 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
socket(0xa, 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setreuid(0x0, r3)
mount$9p_rdma(&(0x7f0000000140)='127.0.0.1\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x810052, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000:\x00\x00\x0024,cache=mmap,msize=0xffffffff00000000,rq=0x00000000000003ff,timeout=0x000000000000ffff,rq=0x00000000ffffffff,dont_measure,uid>', @ANYRESDEC=r3, @ANYBLOB="2c61707072616973655f747970653d696d617369672c636f6e746578743d73746166665f752c726f6f74636f6e746578743d73797361646d5f752c68616aff0f1222634812efd973682c6f626a5f273d2119747970653d2f6445762f7562695f636872"])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FBIOPAN_DISPLAY(0xffffffffffffffff, 0x4606, &(0x7f0000000380)={0x1676, 0x78, 0x1e0, 0x80, 0x7, 0x6, 0x1, 0x1, {0x81, 0x3f}, {0x6, 0x3, 0x1}, {0x10001, 0xfffffffe, 0x1}, {0x4, 0x1f, 0x1}, 0x2, 0x1, 0x4, 0x8, 0x0, 0x81, 0x80000000, 0x1, 0x7, 0x5, 0x1, 0x8, 0x1b, 0x200, 0x0, 0x8})
r6 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000240)={<r7=>0x0, 0x401}, &(0x7f0000000280)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000002c0)={0x100, 0x7, 0x208, 0x8, 0x6, 0x5e, 0x3, 0x1, r7}, 0x20)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x2600, 0x0)
sendfile(r5, r4, 0x0, 0x100000002)

04:08:51 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0xffffffff, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  689.373198][   T27] audit: type=1804 audit(1589170131.609:221): pid=24564 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/469/cgroup.controllers" dev="sda1" ino=16213 res=1
04:08:51 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x80085502, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:51 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x5000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:51 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$cgroup_ro(r1, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
openat(r5, &(0x7f00000000c0)='./file0\x00', 0x100, 0x20)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r6, r3, 0x0, 0x100000002)

04:08:54 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:54 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x2, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x80086301, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:54 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
epoll_create(0xfffffffd)
sendfile(r3, r1, 0x0, 0x100000002)

04:08:54 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x6000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:54 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x40085503, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  692.319323][   T27] audit: type=1804 audit(1589170134.559:222): pid=24628 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/471/cgroup.controllers" dev="sda1" ino=16186 res=1
04:08:54 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x5, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x80404507, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:54 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x6, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:54 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r1)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRESOCT], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000240)=ANY=[@ANYRES16=r2], 0x5b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x100, 0x0)
renameat2(r4, &(0x7f00000000c0)='./file0\x00', r5, &(0x7f0000000180)='./file0\x00', 0x2)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYRESHEX], 0x1c}}, 0x4000040)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
r9 = dup(r8)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
ioctl$VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000200)={0x2, 0x3})
sendfile(r7, r6, 0x0, 0x100000002)

04:08:55 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x7000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:55 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x60, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  693.059723][ T9328] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  693.257455][ T9328] usb 3-1: device descriptor read/8, error -61
[  693.527558][ T9328] usb 3-1: device descriptor read/8, error -61
[  693.827270][ T9328] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  694.037252][ T9328] usb 3-1: device descriptor read/8, error -61
[  694.327205][ T9328] usb 3-1: device descriptor read/8, error -61
[  694.447285][ T9328] usb usb3-port1: attempt power cycle
[  695.177185][ T9328] usb 3-1: new high-speed USB device number 5 using dummy_hcd
04:08:57 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:08:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x8000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x8138ae83, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:57 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x500, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:57 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4008ae61, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:57 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x600, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  695.467115][ T9328] usb 3-1: device descriptor read/64, error 18
04:08:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x40000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:08:58 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x3f00, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:08:58 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000070603000000000000000000000040000500010007000000"], 0x1c}}, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r3=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff, 0x0, r3}, 0x10)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={r3, 0x36, "30f17975556b466b637434f9b368635d6df282de23f49c578dbe6d3769b36101f58fa28333e78778ee88d71290a5c157096f291cdaf9"}, &(0x7f0000000140)=0x3e)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
openat$cachefiles(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cachefiles\x00', 0x800, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x5)
ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r5, 0xc0845658, &(0x7f0000000200)={0x0, @reserved})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r6, r1, 0x0, 0x100000002)

[  695.880145][ T9328] usb 3-1: device descriptor read/64, error 18
04:08:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  696.029882][   T27] audit: type=1804 audit(1589170138.269:223): pid=24737 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/473/cgroup.controllers" dev="sda1" ino=16218 res=1
04:08:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xfc010000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  696.124289][   T27] audit: type=1800 audit(1589170138.299:224): pid=24737 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16173 res=0
04:09:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0085504, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:00 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x4000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:00 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x7, r0, 0x0, 0x0)

04:09:00 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xfdfdffff, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:00 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
dup(r1)
ioctl(r1, 0x80d, &(0x7f0000000140)="9f0bbda3329b9fb1b8cb1f30b22808b6bdf0eb067ea4a54da32056bff205be6c52306d1d581ed0e303968dad53ffe33f96b03f45bc763be7a844ab096a42228725789fa28a5b599fc5c37cce46c48d6515390a23577bb8e80b9c94906de56a0eefdc01e608bb68f2")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r2, 0x0, 0x100000002)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0xd4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r7=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000180)={0x4, 0x8000, 0xffffffff, 0x0, r7}, 0x10)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f0000000200)={r7, @in6={{0xa, 0x4e24, 0x8, @local, 0x7}}, 0xfffeffff, 0x3, 0x0, 0xbf, 0x8}, &(0x7f00000000c0)=0x98)

04:09:00 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4008ae6a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  698.487569][   T27] audit: type=1804 audit(1589170140.729:225): pid=24787 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/474/cgroup.controllers" dev="sda1" ino=16036 res=1
04:09:00 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x6000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  698.587466][   T27] audit: type=1800 audit(1589170140.809:226): pid=24793 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16098 res=0
04:09:00 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x80010, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r4, 0x10e, 0x8, &(0x7f00000000c0)=0x3, 0x4)

04:09:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0085508, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xff000000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:01 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x6cf0, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc008ae05, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:01 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x7f00, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xffff8000, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  699.654032][   T27] audit: type=1804 audit(1589170141.889:227): pid=24811 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/475/cgroup.controllers" dev="sda1" ino=15801 res=1
[  699.710589][   T27] audit: type=1804 audit(1589170141.919:228): pid=24817 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/475/cgroup.controllers" dev="sda1" ino=15801 res=1
[  699.768840][   T27] audit: type=1804 audit(1589170141.919:229): pid=24851 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/475/cgroup.controllers" dev="sda1" ino=15801 res=1
04:09:03 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x7, r0, 0x0, 0x0)

04:09:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc008ae67, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:03 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0xf06c, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:03 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xfffffdfd, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:03 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='vegas\x00', 0x6)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r6, 0x114, 0xa, &(0x7f0000000140)={0x3, "dccf05"}, 0x4)
sendfile(r2, r1, 0x0, 0x100000002)

04:09:03 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4008ae89, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  701.624449][   T27] audit: type=1804 audit(1589170143.860:230): pid=24878 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/476/cgroup.controllers" dev="sda1" ino=16186 res=1
04:09:04 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x1000000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:04 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc00caee0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:04 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x2000000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:04 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000003)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000780)={0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="2022270000002721abfdf894f63dbee7cea1c79042296cf0245703003e41b9fbe19ea42f"], &(0x7f00000006c0)={0x0, 0x3, 0x34, @string={0x34, 0x3, "428e2a5857a02b8ddbb76034a3c781bf21346d0a096bfabe99cfb21b9f73245935ba2fa8d31ae7ca8caf0b91d0b2543877c6"}}, &(0x7f00000002c0)=ANY=[@ANYBLOB="002208dcc800000038a08b7e0f0bbc04"], &(0x7f0000000740)={0x0, 0x21, 0x9, {0x9, 0x21, 0xbf82, 0x0, 0x1, {0x22, 0x125}}}}, &(0x7f0000000940)={0x2c, &(0x7f00000007c0)={0x40, 0x0, 0x74, "d0edd2918c364ee52db39480ba462441ddbebde71882ae3a92f00e0e859e4c82cf8443e84cfc60c541080253753520260316cda8dd5d0a61cc44160d40e09ca1c255882b20d678621df1e13926110faa8c7577127f510c95597ad03794787d74e2f60bfa993fd91ab797a4f3fd5f0685868a9b44"}, &(0x7f0000000840)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000880)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000008c0)={0x20, 0x1, 0xd, "895589719984098ab4e0255337"}, &(0x7f0000000900)={0x20, 0x3, 0x1}})
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000280)=0x20, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r0)
fallocate(r3, 0x0, 0x7, 0x1)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$IMGETVERSION(r5, 0x80044942, &(0x7f0000000140))
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x18, 0x1406, 0x200, 0x70bd27, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x4008040}, 0x400c050)

[  702.249127][   T27] audit: type=1804 audit(1589170144.480:231): pid=24911 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/477/cgroup.controllers" dev="sda1" ino=16312 res=1
04:09:04 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x5000000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  704.037675][    T0] NOHZ: local_softirq_pending 08
04:09:06 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x7, r0, 0x0, 0x0)

04:09:06 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x2, &(0x7f0000d3c000/0x2000)=nil})

04:09:06 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0185879, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:06 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x6000000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:06 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r3, 0x40084149, &(0x7f00000000c0)=0x5)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r4, r1, 0x0, 0x100000002)

04:09:06 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4008ae90, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  704.741056][   T27] audit: type=1804 audit(1589170146.980:232): pid=24955 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/478/cgroup.controllers" dev="sda1" ino=16175 res=1
04:09:07 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x3f000000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:07 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:07 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:09:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000d3c000/0x2000)=nil})

04:09:07 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x40000000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000d3c000/0x2000)=nil})

[  705.977875][   T27] audit: type=1804 audit(1589170148.220:233): pid=24979 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/479/cgroup.controllers" dev="sda1" ino=16218 res=1
[  706.035115][   T27] audit: type=1804 audit(1589170148.220:234): pid=24984 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/479/cgroup.controllers" dev="sda1" ino=16218 res=1
[  706.120164][   T27] audit: type=1804 audit(1589170148.360:235): pid=25010 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/479/cgroup.controllers" dev="sda1" ino=16218 res=1
04:09:09 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x60000000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:09 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

04:09:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc018aa06, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x5, &(0x7f0000d3c000/0x2000)=nil})

04:09:09 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f00000000c0)=0x2)

04:09:09 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4008af30, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  707.764004][   T27] audit: type=1804 audit(1589170150.000:236): pid=25030 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/480/cgroup.controllers" dev="sda1" ino=16192 res=1
04:09:10 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x6cf00000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:10 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$FUSE_WRITE(r2, &(0x7f0000000140)={0x18, 0x0, 0x4, {0x1}}, 0x18)
r3 = creat(&(0x7f0000000180)='./file0\x00', 0x4)
ioctl$SOUND_MIXER_READ_RECSRC(r3, 0x80044dff, &(0x7f0000000200))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa\x00', 0x509401, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r5, r4, 0x0, 0x100000002)

04:09:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc018aa3f, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x6, &(0x7f0000d3c000/0x2000)=nil})

04:09:10 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x7f000000, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:10 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:09:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

[  708.670543][   T27] audit: type=1804 audit(1589170150.910:237): pid=25077 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/482/cgroup.controllers" dev="sda1" ino=16208 res=1
04:09:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x7, &(0x7f0000d3c000/0x2000)=nil})

04:09:12 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

04:09:12 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0xffffffff, 0x77fffb, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc0205647, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:12 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000070603000000000000000000000000000500010007000000a2495813676af9ddc4ecb8c31b6aa56ceda7a90dcf93f095ea6fa853452980f9a50a6a4f3c155e399d5cc0e8d5343e46cb9946b2b712da07e1868f6a9662437425d47152c3dc30760e69ccc45cfb1c0d9a4db6b6c1021c322a756cfb483677ec8f27e0e1394ab1c92fc72e21d71c076d6601f7b114ea880f1ab6"], 0x1c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:09:12 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x40095505, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:13 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x400000, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:13 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r5, 0xc0245720, &(0x7f0000000140))
ioctl$PPPIOCSFLAGS(0xffffffffffffffff, 0x40047459, &(0x7f0000000280)=0x80001)
ioctl$EVIOCRMFF(r3, 0x40044581, &(0x7f00000000c0)=0x1)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r6 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000240)=@keyring={'key_or_keyring:', 0x0, 0xa})
keyctl$clear(0x7, r6)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r7, r1, 0x0, 0x100000002)

04:09:13 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:13 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x53b000, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:13 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000d3c000/0x2000)=nil})

04:09:13 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000070603000000000000000000000000000500010007000000b30186af74efbe51c149bcf595580ed3869571591decaf2d2dc94ec54679635714338f3c2b3d"], 0x1c}}, 0x0)
getsockname$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, &(0x7f0000000140)=0x1c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100000002)

04:09:13 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x743000, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  711.491779][   T27] audit: type=1804 audit(1589170153.730:238): pid=25156 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/485/cgroup.controllers" dev="sda1" ino=16312 res=1
04:09:16 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x2d}}, 0x34}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, &(0x7f0000000080)="6e6c2e4338d4da7ddd9b75eef7c86cd8fdd532a79d957f6288d1afc3dba406c2dd43e0f2ae26dce85b77dea9"}}, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

04:09:16 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc020aa00, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x1fc, &(0x7f0000d3c000/0x2000)=nil})

04:09:16 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x790000, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:16 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c00ca5ea2e924f4e088000000000000000000000500010007000000c4f13123594678eb17c62f7cf781796d3278c27bc12e5ca6eb5ea301807d8a7faeead8370f47ec85c455dc8310867307d3bc8aae6b40fa4fb835aeae69bb1f8dad73e7f240e249c8263b89"], 0x1c}}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/fscreate\x00')
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
write$RDMA_USER_CM_CMD_GET_EVENT(r4, &(0x7f0000000140)={0xc, 0x8, 0xfa00, {&(0x7f0000000200)}}, 0x10)
getresgid(&(0x7f0000000000), &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000180))
ioctl$TUNSETGROUP(r2, 0x400454ce, r5)
ioctl$TUNSETGROUP(r1, 0x400454ce, r5)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r6, r1, 0x0, 0x100000002)

04:09:16 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae67, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:16 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0xb90000, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  714.000912][   T27] audit: type=1804 audit(1589170156.241:239): pid=25198 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/486/cgroup.controllers" dev="sda1" ino=16183 res=1
04:09:16 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="9c0000000706030000000000000000000000ff7f0000010007000000"], 0x1c}}, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(r3, 0x2)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
mmap(&(0x7f00002e6000/0x3000)=nil, 0x3000, 0x2000001, 0x30, r5, 0x85dce000)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r6, r1, 0x0, 0x100000002)

04:09:16 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x20000000, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

04:09:16 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0xc06864a1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil})

04:09:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x300, &(0x7f0000d3c000/0x2000)=nil})

[  714.378384][   T27] audit: type=1804 audit(1589170156.621:240): pid=25217 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir474264771/syzkaller.Mf08S4/487/cgroup.controllers" dev="sda1" ino=16205 res=1
[  714.409939][T25217] netlink: 136 bytes leftover after parsing attributes in process `syz-executor.2'.
04:09:17 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001240)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3633, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x21000000, 0x0, 0x743000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1)

[  715.699906][ T1932] ==================================================================
[  715.708028][ T1932] BUG: KCSAN: data-race in lruvec_lru_size / mem_cgroup_update_lru_size
[  715.716330][ T1932] 
[  715.718655][ T1932] write to 0xffff88812bd0b9e8 of 8 bytes by task 25195 on cpu 0:
[  715.726369][ T1932]  mem_cgroup_update_lru_size+0x97/0x110
[  715.731989][ T1932]  __activate_page+0x3f4/0x710
[  715.736741][ T1932]  pagevec_lru_move_fn+0xf5/0x170
[  715.741751][ T1932]  activate_page+0x2a6/0x370
[  715.746325][ T1932]  mark_page_accessed+0x29f/0x4f0
[  715.751327][ T1932]  unmap_page_range+0x9ea/0x1c50
[  715.756240][ T1932]  unmap_single_vma+0x13c/0x1f0
[  715.761106][ T1932]  unmap_vmas+0xe2/0x1b0
[  715.765365][ T1932]  exit_mmap+0x13e/0x2f0
[  715.769616][ T1932]  mmput+0xe2/0x260
[  715.773397][ T1932]  do_exit+0x644/0x11e0
[  715.777526][ T1932]  do_group_exit+0xae/0x1a0
[  715.782003][ T1932]  get_signal+0x2a7/0x1290
[  715.786392][ T1932]  do_signal+0x2b/0x840
[  715.790523][ T1932]  exit_to_usermode_loop+0x24a/0x2c0
[  715.795795][ T1932]  do_syscall_64+0x38b/0x3b0
[  715.800359][ T1932]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  715.806217][ T1932] 
[  715.808522][ T1932] read to 0xffff88812bd0b9e8 of 8 bytes by task 1932 on cpu 1:
[  715.816051][ T1932]  lruvec_lru_size+0xe8/0x1b0
[  715.820710][ T1932]  shrink_lruvec+0x170/0xd80
[  715.825273][ T1932]  shrink_node+0x30d/0x1000
[  715.829750][ T1932]  do_try_to_free_pages+0x230/0xb20
[  715.834919][ T1932]  try_to_free_pages+0x1e6/0x470
[  715.839838][ T1932]  __alloc_pages_slowpath.constprop.0+0x3b1/0xd90
[  715.846229][ T1932]  __alloc_pages_nodemask+0x2bd/0x300
[  715.851574][ T1932]  collapse_huge_page+0x9f/0x14f0
[  715.859959][ T1932]  khugepaged+0x2760/0x2850
[  715.864459][ T1932]  kthread+0x203/0x230
[  715.868503][ T1932]  ret_from_fork+0x1f/0x30
[  715.872898][ T1932] 
[  715.875383][ T1932] Reported by Kernel Concurrency Sanitizer on:
[  715.881524][ T1932] CPU: 1 PID: 1932 Comm: khugepaged Not tainted 5.7.0-rc1-syzkaller #0
[  715.889744][ T1932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  715.899773][ T1932] ==================================================================
[  715.907808][ T1932] Kernel panic - not syncing: panic_on_warn set ...
[  715.914380][ T1932] CPU: 1 PID: 1932 Comm: khugepaged Not tainted 5.7.0-rc1-syzkaller #0
[  715.922672][ T1932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  715.932707][ T1932] Call Trace:
[  715.936433][ T1932]  dump_stack+0x11d/0x187
[  715.940746][ T1932]  panic+0x210/0x640
[  715.944631][ T1932]  ? vprintk_func+0x89/0x13a
[  715.949202][ T1932]  kcsan_report.cold+0xc/0x1a
[  715.953862][ T1932]  kcsan_setup_watchpoint+0x3fb/0x440
[  715.959215][ T1932]  lruvec_lru_size+0xe8/0x1b0
[  715.963870][ T1932]  shrink_lruvec+0x170/0xd80
[  715.968442][ T1932]  ? __rcu_read_unlock+0x77/0x390
[  715.973443][ T1932]  ? mem_cgroup_iter+0xbc/0x450
[  715.978283][ T1932]  ? mem_cgroup_protected+0x2c4/0x3a0
[  715.983646][ T1932]  shrink_node+0x30d/0x1000
[  715.988158][ T1932]  do_try_to_free_pages+0x230/0xb20
[  715.994034][ T1932]  ? kvm_sched_clock_read+0x5/0x10
[  715.999127][ T1932]  try_to_free_pages+0x1e6/0x470
[  716.004048][ T1932]  __alloc_pages_slowpath.constprop.0+0x3b1/0xd90
[  716.010439][ T1932]  ? pagevec_lru_move_fn+0x159/0x170
[  716.015716][ T1932]  __alloc_pages_nodemask+0x2bd/0x300
[  716.021064][ T1932]  collapse_huge_page+0x9f/0x14f0
[  716.026080][ T1932]  ? debug_smp_processor_id+0x3f/0x129
[  716.031524][ T1932]  ? delay_tsc+0x8a/0xb0
[  716.035845][ T1932]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  716.041729][ T1932]  khugepaged+0x2760/0x2850
[  716.046239][ T1932]  ? finish_wait+0x80/0x80
[  716.050662][ T1932]  ? collapse_pte_mapped_thp+0x7c0/0x7c0
[  716.056271][ T1932]  kthread+0x203/0x230
[  716.060344][ T1932]  ? kthread_unpark+0xd0/0xd0
[  716.065055][ T1932]  ret_from_fork+0x1f/0x30
[  716.070967][ T1932] Kernel Offset: disabled
[  716.075288][ T1932] Rebooting in 86400 seconds..