{r4, 0x0, 0x2, r0}) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:25 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0x140, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in6=@mcast2, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @etimer_thresh={0x8}]}, 0x140}}, 0x0) 00:29:25 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysfs$3(0x3) 00:29:25 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:25 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(0x0, &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:26 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in6=@mcast2, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 00:29:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in6=@mcast2, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 00:29:26 executing program 3: msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000580)={{0x0}}) msgctl$IPC_SET(0x0, 0x1, 0x0) 00:29:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', 0x0, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in6=@mcast2, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 00:29:26 executing program 2: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r0}) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:29:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0xf8, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in6=@mcast2, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {}, {}, {}, 0x0, 0x0, 0xa}, [@etimer_thresh={0x8}]}, 0xf8}}, 0x0) 00:29:26 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', 0x0, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000340)=0x203, 0x4) bind$inet(r0, &(0x7f0000000300)={0x2, 0x200000000004e23}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) shutdown(0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='reno\x00', 0x73) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) creat(0x0, 0x0) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[], 0xcd398530) 00:29:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0xf8, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in6=@mcast2, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {}, {}, {}, 0x0, 0x0, 0xa}, [@etimer_thresh={0x8}]}, 0xf8}}, 0x0) 00:29:26 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:29:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', 0x0, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:26 executing program 2: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r0}) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:29:26 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0xf8, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in6=@mcast2, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {}, {}, {}, 0x0, 0x0, 0xa}, [@etimer_thresh={0x8}]}, 0xf8}}, 0x0) 00:29:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:26 executing program 2: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r0}) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:29:26 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:29:27 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x9}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x21}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 00:29:27 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) signalfd(0xffffffffffffffff, 0x0, 0x0) 00:29:27 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:27 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:27 executing program 2: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:29:27 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:27 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:27 executing program 2: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x86a01780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x2, [@array, @volatile, @volatile, @fwd]}}, 0x0, 0x56}, 0x20) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:29:27 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 138.554473] *** Guest State *** [ 138.558576] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 138.579227] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 138.590722] CR3 = 0x00000000fffbc000 [ 138.595604] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 138.603936] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 138.610530] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 138.619006] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 138.629538] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 138.639355] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 138.648646] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 138.657148] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 138.668805] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 138.677340] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 138.690838] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 138.699954] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 138.710705] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 138.720011] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 138.728430] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 138.739116] Interruptibility = 00000000 ActivityState = 00000000 [ 138.751950] *** Host State *** [ 138.755928] RIP = 0xffffffff8116426f RSP = 0xffff88805fac79d0 [ 138.762962] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 138.770896] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 138.781093] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 138.791097] CR0=0000000080050033 CR3=00000000984eb000 CR4=00000000001426f0 [ 138.801094] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 138.810165] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 138.816217] *** Control State *** [ 138.820609] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 138.827366] EntryControls=0000d1ff ExitControls=002fefff [ 138.833536] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 138.840992] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 138.848256] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 138.854960] reason=80000021 qualification=0000000000000000 [ 138.863297] IDTVectoring: info=00000000 errcode=00000000 [ 138.869376] TSC Offset = 0xffffffb29e8aca88 [ 138.873695] EPT pointer = 0x000000008fdfc01e [ 138.879046] Virtual processor ID = 0x0001 00:29:30 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@fwd]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x2d}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 00:29:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280), 0x0, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:30 executing program 2: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280), 0x0, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280), 0x0, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980700009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000800000000000002726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000000000300000007000000000000000000000000000000480043540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000100000000000000000000000000000000ee00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000500000000000400000000000000000000000000000070009000000000000000000000000000000000000000010020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x10, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}]}}}}}}}, 0x0) 00:29:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) [ 141.505716] *** Guest State *** 00:29:30 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000040)={0x0, 0x0, 0x14}) [ 141.529549] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, 0x0) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:30 executing program 3: clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet(0x2, 0x3, 0x34) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0xc01, 0x3, 0x200, 0x0, 0x5002004a, 0x0, 0x0, 0x0, 0x168, 0x3c8, 0x3c8, 0x168, 0x3c8, 0x3, 0x0, {[{{@ip={@local, @private, 0x0, 0x0, 'bridge_slave_1\x00', 'netpci0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260) r1 = memfd_create(&(0x7f00000000c0)='$\xbbet\t\x00\x00\x00\x00\x00\x00\x00\x00e\x83\xfdr\xdaz!\xcf\xec\xfcS\xb2\xcf\n\xb0>\x95\x8f\x1614(s\xff\xff/\xc7\xb2\xa9\xa6\xb3\x92S\xfe\xd4\x890\xc3\x1b\xb8\xaa\xa1\xec\xcb%\xf6sh\xe6\x82\xc3\x1b\x8a,K4b\xc5\xc5\x12Nr_\xc2\xe1\xd7\xe42\x10\xf0C\xa0[\x7f\x99Is\x90+\xd2x\x87\xec\x1a\xd1\x03\'\xaa\x90\xe26\xbc6\xecf\xe1/\xd8\xed\xe2\xcb8U\xca\xaaIf\xcb\x05\xb0:^u\xd1b\xd1&\xc3\xfd=\xbd\xf3,wq\f7\x85e\xa8d\xdfx\xab\x05[\x11\xa0\xd36\x85\xac\xb5*\xf9\x80\x0e\x7f\xc0\x10;\x10\xe2\xc5\xe2b\x1b\xcb\n', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r1, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, 0x80000002, 0x0}, 0x0, 0x8, &(0x7f0000000000)) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180)='NLBL_MGMT\x00') syz_open_procfs(0x0, &(0x7f0000000340)='net/connector\x00') [ 141.574059] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 141.612791] CR3 = 0x00000000fffbc000 00:29:30 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0x1801, 0x4) sendmmsg(r0, &(0x7f0000006b40)=[{{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000000040)="9c5963ce9528017c2751bbb55e04", 0xe}, {&(0x7f0000000240)="f0650ae0ae7df841a6954d3368b3415664637bf3d1c85fddf4431524634f665345bf772e8bc320c5b1d6b7b8c968750ca45084d4496d172b193084cc86fd91166cc2e84179c9aff3f732924c1a3ca3ecfaae20a5963eddadd0ecb27faf51dd7ec2b09bee4bb489ea425d3983789e84f15a680000c7a5cc612335093ce082f7c04d3199b8a75a3c2144e3ed143cf66025756069da0b35c4a90f880f442f24ae37dd5ccb2ffc2f0b66bfaf642a9fc12470f9e7601990bb8c6b3e6236", 0xbb}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) [ 141.637104] RSP = 0x0000000000000000 RIP = 0x0000000000000000 00:29:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') [ 141.679016] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 141.714176] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 141.724523] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 141.733788] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 141.742909] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 141.774442] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 141.793533] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 141.804580] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 141.815195] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 141.824353] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 141.832724] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 141.841506] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 141.852819] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 141.860044] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 141.868953] Interruptibility = 00000000 ActivityState = 00000000 [ 141.875487] *** Host State *** [ 141.880434] RIP = 0xffffffff8116426f RSP = 0xffff8880552379d0 [ 141.886821] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 141.894882] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 141.905631] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 141.914159] CR0=0000000080050033 CR3=00000000a1079000 CR4=00000000001426e0 [ 141.922460] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 141.930345] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 141.937010] *** Control State *** [ 141.942445] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 141.950274] EntryControls=0000d1ff ExitControls=002fefff [ 141.964085] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 141.972128] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 141.980453] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 141.987371] reason=80000021 qualification=0000000000000000 [ 141.994308] IDTVectoring: info=00000000 errcode=00000000 [ 142.000310] TSC Offset = 0xffffffb10a17105d [ 142.004666] EPT pointer = 0x0000000091f9001e [ 142.012061] Virtual processor ID = 0x0001 00:29:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:29:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, 0x0) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:30 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) socket(0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005540)=[{{0x0, 0xece40000, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0x20002323}], 0x1, 0x0, 0x24fa, 0x1f4}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:29:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, 0x0) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) [ 142.149018] *** Guest State *** [ 142.168097] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:29:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(0x0, &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) [ 142.196574] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 142.243682] CR3 = 0x00000000fffbc000 [ 142.261028] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 142.282774] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 142.296871] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 142.311002] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 142.321238] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.330506] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.341370] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.357295] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.366114] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.375160] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 142.385977] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 142.403529] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 142.422836] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 142.440614] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 142.453495] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 142.476032] Interruptibility = 00000000 ActivityState = 00000000 [ 142.483441] *** Host State *** [ 142.488260] RIP = 0xffffffff8116426f RSP = 0xffff88805ba679d0 [ 142.495008] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 142.502665] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000 [ 142.511149] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 142.519182] CR0=0000000080050033 CR3=00000000a1079000 CR4=00000000001426e0 [ 142.534566] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 00:29:31 executing program 0: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_RMID(0x0, 0x2, 0x10) 00:29:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') [ 142.559809] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 142.584653] *** Control State *** [ 142.594406] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 142.610560] EntryControls=0000d1ff ExitControls=002fefff [ 142.616602] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 142.624886] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 142.633609] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 142.640490] reason=80000021 qualification=0000000000000000 [ 142.647192] IDTVectoring: info=00000000 errcode=00000000 [ 142.654748] TSC Offset = 0xffffffb0b20e84ad [ 142.659986] EPT pointer = 0x000000008748501e [ 142.665269] Virtual processor ID = 0x0001 00:29:31 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(0x0, &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 142.816708] *** Guest State *** [ 142.820394] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 142.830194] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 142.841453] CR3 = 0x00000000fffbc000 [ 142.845458] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 142.851843] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 142.859136] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 142.870830] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 142.879051] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.888682] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.902392] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:29:31 executing program 3: syz_emit_ethernet(0x6e, &(0x7f0000000180)={@broadcast, @local, @val, {@ipv6}}, 0x0) 00:29:31 executing program 0: r0 = msgget$private(0x0, 0x2000000186) msgrcv(r0, 0x0, 0x1, 0x0, 0x0) execve(0x0, 0x0, 0x0) 00:29:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(0x0, &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:31 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 142.926190] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.936128] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 142.964894] GDTR: limit=0x0000ffff, base=0x0000000000000000 00:29:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', 0x0, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 143.007915] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 143.016506] IDTR: limit=0x0000ffff, base=0x0000000000000000 00:29:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:31 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 143.061095] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 143.085135] ip_tables: iptables: counters copy to user failed while replacing table [ 143.097202] EFER = 0x0000000000000000 PAT = 0x0007040600070406 00:29:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', 0x0, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) [ 143.120612] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 143.135547] ip_tables: iptables: counters copy to user failed while replacing table [ 143.141605] Interruptibility = 00000000 ActivityState = 00000000 [ 143.168958] *** Host State *** [ 143.183676] RIP = 0xffffffff8116426f RSP = 0xffff88805c4779d0 [ 143.203905] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 143.217217] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000 [ 143.226765] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 143.233431] CR0=0000000080050033 CR3=000000008be2e000 CR4=00000000001426e0 [ 143.241514] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 143.248806] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 143.254936] *** Control State *** [ 143.259380] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 143.272155] EntryControls=0000d1ff ExitControls=002fefff [ 143.278055] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 143.285064] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 143.293463] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 143.300624] reason=80000021 qualification=0000000000000000 [ 143.313403] IDTVectoring: info=00000000 errcode=00000000 00:29:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') [ 143.322737] TSC Offset = 0xffffffb056370d34 [ 143.340057] TPR Threshold = 0x00 [ 143.344080] EPT pointer = 0x000000009fa2501e [ 143.352264] Virtual processor ID = 0x0001 [ 143.416888] *** Guest State *** [ 143.427502] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 143.442986] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 143.462230] CR3 = 0x00000000fffbc000 [ 143.466228] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 143.473559] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 143.481606] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 143.491987] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 143.503158] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 143.513156] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 143.522710] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 143.532062] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 143.541821] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 143.550823] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 143.560368] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 143.572885] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 143.581345] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 143.590561] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 143.596971] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 143.605268] Interruptibility = 00000000 ActivityState = 00000000 [ 143.611866] *** Host State *** [ 143.615316] RIP = 0xffffffff8116426f RSP = 0xffff88805886f9d0 [ 143.622582] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 143.629362] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 143.637166] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 143.643632] CR0=0000000080050033 CR3=000000008be2e000 CR4=00000000001426f0 [ 143.651058] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 143.658028] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 143.664636] *** Control State *** [ 143.668316] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 143.675013] EntryControls=0000d1ff ExitControls=002fefff [ 143.680518] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 143.687440] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 143.694199] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 143.700946] reason=80000021 qualification=0000000000000000 [ 143.707346] IDTVectoring: info=00000000 errcode=00000000 [ 143.712850] TSC Offset = 0xffffffb004183857 [ 143.717267] TPR Threshold = 0x00 [ 143.720765] EPT pointer = 0x000000009f13601e [ 143.725267] Virtual processor ID = 0x0001 00:29:32 executing program 0: r0 = socket(0x1000000010, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB='D\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32, @ANYBLOB="0000000000000000f1ff0000080001006270660018000200060004"], 0x44}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 00:29:32 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', 0x0, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:32 executing program 2: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 143.801143] ip_tables: iptables: counters copy to user failed while replacing table 00:29:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000040)='/dev/ashmem\x00') 00:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:32 executing program 2: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:32 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, r3) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, 0x0, 0x0) 00:29:32 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "25f290", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 00:29:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, 0x0) [ 143.917324] *** Guest State *** [ 143.930046] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, 0x0) [ 143.963875] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 143.967178] ip_tables: iptables: counters copy to user failed while replacing table [ 143.973281] syz-executor.0 (9209) used greatest stack depth: 24352 bytes left [ 144.002791] CR3 = 0x00000000fffbc000 00:29:32 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @multicast1}}}}}}, 0x26) socket$inet(0x2, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 00:29:32 executing program 2: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:32 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, &(0x7f0000000040)=0x100060, 0xffffa88f) [ 144.013132] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 144.029474] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 144.042927] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 144.061591] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 00:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 144.105040] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.119172] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.127380] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.161612] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.195245] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.202902] ip_tables: iptables: counters copy to user failed while replacing table [ 144.215154] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 144.245564] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 144.268541] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 144.276959] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 144.291228] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 144.298177] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 144.312861] Interruptibility = 00000000 ActivityState = 00000000 [ 144.321311] *** Host State *** [ 144.324638] RIP = 0xffffffff8116426f RSP = 0xffff8880597a79d0 [ 144.336916] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 144.355041] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 144.367426] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 144.379841] CR0=0000000080050033 CR3=00000000a5430000 CR4=00000000001426e0 [ 144.390536] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 144.401713] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 144.411230] *** Control State *** [ 144.415154] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 144.423186] EntryControls=0000d1ff ExitControls=002fefff [ 144.429765] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 144.436872] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 144.444461] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 144.451162] reason=80000021 qualification=0000000000000000 [ 144.457948] IDTVectoring: info=00000000 errcode=00000000 [ 144.463568] TSC Offset = 0xffffffafbfcadc9f [ 144.468356] TPR Threshold = 0x00 00:29:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:33 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, 0x0) 00:29:33 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:33 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, &(0x7f0000000040)=0x100060, 0xffffa88f) 00:29:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 144.471809] EPT pointer = 0x0000000097cd901e [ 144.476301] Virtual processor ID = 0x0001 00:29:33 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000540)=0xffff, 0x118) socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[], 0xff99) 00:29:33 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 144.556522] ip_tables: iptables: counters copy to user failed while replacing table 00:29:33 executing program 0: syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@broadcast, @random="d71c9edd8285", @val, {@ipv6}}, 0x0) syz_emit_ethernet(0xe, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffffffffffffffff88e7"], 0x0) syz_extract_tcp_res(0x0, 0x0, 0x0) r0 = socket(0x18, 0x0, 0x0) sendmsg(r0, 0x0, 0x0) setsockopt(r0, 0x7, 0x2, &(0x7f00000000c0)="09e646bdcf6cf6d05c44f0880d70f1b2dc499ae8e1b8ff3f8a235d1add27ff0b58b5c973ec043002568f6e3132dc335b", 0x30) syz_extract_tcp_res(&(0x7f0000000040), 0x8, 0xfffff800) [ 144.671247] *** Guest State *** [ 144.683188] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 144.733533] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 144.767093] CR3 = 0x00000000fffbc000 [ 144.775795] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 144.785304] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 144.795574] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 144.805507] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 144.814660] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.823767] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.832607] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.842208] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.850815] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 144.859591] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 144.868152] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 144.876941] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 144.885547] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 144.895169] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 144.902058] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 144.909954] Interruptibility = 00000000 ActivityState = 00000000 [ 144.916527] *** Host State *** [ 144.920576] RIP = 0xffffffff8116426f RSP = 0xffff88805646f9d0 [ 144.928018] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 144.936956] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 144.945063] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 144.951229] CR0=0000000080050033 CR3=000000009f756000 CR4=00000000001426e0 [ 144.959206] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 144.966263] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 144.973098] *** Control State *** [ 144.976673] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 00:29:33 executing program 4: 00:29:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:33 executing program 0: msgrcv(0x0, 0x0, 0x1, 0x0, 0x0) 00:29:33 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 144.983977] EntryControls=0000d1ff ExitControls=002fefff [ 144.998946] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 145.007966] ip_tables: iptables: counters copy to user failed while replacing table [ 145.019672] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 145.046075] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 145.064986] reason=80000021 qualification=0000000000000000 [ 145.073049] IDTVectoring: info=00000000 errcode=00000000 [ 145.086386] TSC Offset = 0xffffffaf58a3cad4 [ 145.094106] EPT pointer = 0x000000009fc4201e [ 145.101174] Virtual processor ID = 0x0001 00:29:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:33 executing program 1: r0 = socket(0x2, 0x1, 0x0) r1 = socket(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0xffff, 0x20, &(0x7f0000000000)=0x9, 0x4) connect$unix(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="82022e2fac1400ff"], 0x10) dup2(r1, r0) write(r0, 0x0, 0x0) 00:29:33 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x3, &(0x7f00000001c0)=0x0) r1 = socket(0x23, 0x805, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}]) 00:29:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:33 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 145.205821] ip_tables: iptables: counters copy to user failed while replacing table 00:29:33 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:29:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r0 = socket(0x10, 0x80002, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab0925000900070007ab08000c000000f0007e93210001c000000000000000000000000000039915fa2c1ec28670e9889bb94b46fe0000000a0002", 0xff82) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 145.262051] *** Guest State *** [ 145.278728] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:33 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 145.315558] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 145.337980] CR3 = 0x00000000fffbc000 [ 145.353283] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.1'. 00:29:34 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000700)=ANY=[@ANYBLOB="850000004f0000003f00000000000000950000e600000000002ce85fbf62c21eb4d98183dd3cd58ee1c9486c70bfaa1247417d558865039af3167020c7e2b2ea81dde11ccf869c0d8d4add1f02645b52cd5fa052ac6f1ce71eb092d6aa8833238d4a93920365dcde4b45165c2e028bfb5b5a17ff386243a1132d2c5311e44c54db5d3c8609000000f9d3a29971f06cf45869c081787f6260b6b21954551f5ed4dac7a39847d928f5f33da89fb166ecf6db637f00c589cac9b82cb7b75c59f624db94a7a9dd3f02000063615afe063e594e53feebf5ae0ea05ad7af1c5072d32e703540fbc68c0f196fa03776675a80f4729390d8b2c6649ffd2193a0e0c7c92f01909e610855e3b8757b7d43f4e59362b7be89fe308d284093ec4116cad00a9ac353ff1062ec17ce9bf3ad22dfe602b8321de68036c7f6cb0000009133cfd2aa8f00000000000000000000000012000000000000884ecfe51079f89a73ac251dda5dbc2592358ad104773e04ae9d0734c1837fb8f6d61a00000000008ed72e60cc1957b0ea3043c437902311b2040146c73cadb810a9bb28ca8dcba4376f58eb2cf7eed78906000000000000000000005c1c22d1b5bfec8cc93637a11626ee601cdfcf292bf8da1c7e4d2e92463b00006cb4d35e59521e99e5516fe0b1949d8b6b8d28c087a8114e2c76142335b95b72e041be5de40f7a017948cad6ee7b5a0797b2f3b4dd2edc52a75c973fe9e30d9c9b7416c16ca58ce584a90000fb0fa72324cc8df57472db79d2dd37145c3b4a7d51108205d6e17f5b28161d26bef89ac179b5b1b759b4a959f134adb0ef477810fd0cfceaeaf29dee1a538b0b443e6a4cbb3eeab7c4aa2aa6298b707428489c249f69b335962fb93caabd16523f51215bcd18b56234f7fd054173e99f64b7dd084d5271a675a8255c73"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="263abd03d8ee2fe50655a15c88a8", 0x0, 0x3ff}, 0x28) [ 145.370459] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 145.387582] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 145.402498] device ip6gretap0 entered promiscuous mode [ 145.414125] ip_tables: iptables: counters copy to user failed while replacing table [ 145.422407] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.1'. [ 145.426177] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 145.471929] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 145.516527] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 145.553700] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 145.588525] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 145.628398] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 145.639622] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 145.648954] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 145.657165] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 145.667963] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 145.679153] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 145.687260] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 145.695046] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 145.704031] Interruptibility = 00000000 ActivityState = 00000000 [ 145.711573] *** Host State *** [ 145.716818] RIP = 0xffffffff8116426f RSP = 0xffff888055fff9d0 [ 145.724192] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 145.731439] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 145.740127] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 145.746152] CR0=0000000080050033 CR3=00000000886e3000 CR4=00000000001426e0 [ 145.754233] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 145.761655] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 145.769435] *** Control State *** [ 145.773018] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 145.780971] EntryControls=0000d1ff ExitControls=002fefff [ 145.787161] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 145.795111] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 145.802520] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 145.810212] reason=80000021 qualification=0000000000000000 [ 145.816654] IDTVectoring: info=00000000 errcode=00000000 [ 145.823915] TSC Offset = 0xffffffaf07822017 [ 145.829133] EPT pointer = 0x00000000a107901e [ 145.833909] Virtual processor ID = 0x0001 00:29:34 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pread64(0xffffffffffffffff, 0x0, 0x127, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r2 = open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f00000000c0)={[{0x2d, 'pids'}]}, 0x7) 00:29:34 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 145.850444] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.1'. [ 145.860534] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.1'. 00:29:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:34 executing program 4: getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x2, 0x800000000000004, 0x400000, 0x1}, 0x40) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, &(0x7f00000000c0), 0x0}, 0x20) 00:29:34 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:34 executing program 0: 00:29:34 executing program 4: [ 145.957056] ip_tables: iptables: counters copy to user failed while replacing table 00:29:34 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r0 = socket(0x10, 0x80002, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab0925000900070007ab08000c000000f0007e93210001c000000000000000000000000000039915fa2c1ec28670e9889bb94b46fe0000000a0002", 0xff82) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 00:29:34 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 146.016008] *** Guest State *** [ 146.030307] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:34 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:34 executing program 4: 00:29:34 executing program 0: [ 146.080664] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 146.100758] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.1'. 00:29:34 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:34 executing program 0: [ 146.139468] CR3 = 0x00000000fffbc000 [ 146.144521] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.1'. [ 146.160173] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 146.177855] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 146.207597] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 146.240052] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 146.261705] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.286053] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.308863] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.331795] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.350693] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.376172] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 146.385634] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 146.419547] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 146.450926] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 146.496161] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 146.504178] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 146.512996] Interruptibility = 00000000 ActivityState = 00000000 [ 146.523999] *** Host State *** [ 146.529228] RIP = 0xffffffff8116426f RSP = 0xffff88805526f9d0 [ 146.535878] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 146.545364] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 146.554016] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 146.561454] CR0=0000000080050033 CR3=0000000092020000 CR4=00000000001426e0 [ 146.568714] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 146.575942] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 146.583032] *** Control State *** [ 146.586509] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 146.593675] EntryControls=0000d1ff ExitControls=002fefff [ 146.599585] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 146.607822] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 146.614985] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 146.622699] reason=80000021 qualification=0000000000000000 [ 146.630763] IDTVectoring: info=00000000 errcode=00000000 [ 146.637173] TSC Offset = 0xffffffae9fbf0eb5 00:29:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) dup3(0xffffffffffffffff, r1, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:29:35 executing program 4: 00:29:35 executing program 0: 00:29:35 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:35 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:35 executing program 1: [ 146.643131] EPT pointer = 0x0000000087d6a01e [ 146.647744] Virtual processor ID = 0x0001 00:29:35 executing program 1: 00:29:35 executing program 4: 00:29:35 executing program 0: 00:29:35 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:35 executing program 0: 00:29:35 executing program 4: [ 146.783363] *** Guest State *** [ 146.798851] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 146.853446] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 146.873592] CR3 = 0x00000000fffbc000 [ 146.886846] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 146.894036] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 146.900974] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 146.909742] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 146.919393] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.928395] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.937322] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.948126] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.956785] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 146.966398] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 146.975993] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 146.985503] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 146.995168] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 147.004987] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 147.015578] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 147.024565] Interruptibility = 00000000 ActivityState = 00000000 [ 147.032181] *** Host State *** [ 147.035519] RIP = 0xffffffff8116426f RSP = 0xffff88805422f9d0 [ 147.043568] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 147.050939] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 147.059733] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 147.066002] CR0=0000000080050033 CR3=00000000a5bd2000 CR4=00000000001426e0 [ 147.077153] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 147.089324] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 147.096167] *** Control State *** [ 147.099719] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 147.107739] EntryControls=0000d1ff ExitControls=002fefff [ 147.114404] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 147.122775] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 147.130132] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 147.137001] reason=80000021 qualification=0000000000000000 [ 147.144512] IDTVectoring: info=00000000 errcode=00000000 00:29:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) dup3(0xffffffffffffffff, r1, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:29:35 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:35 executing program 1: 00:29:35 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:35 executing program 4: 00:29:35 executing program 0: [ 147.152288] TSC Offset = 0xffffffae36c59940 [ 147.157104] EPT pointer = 0x000000009531001e [ 147.161597] Virtual processor ID = 0x0001 00:29:35 executing program 0: 00:29:35 executing program 1: 00:29:35 executing program 4: 00:29:35 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:35 executing program 4: 00:29:35 executing program 0: [ 147.310778] *** Guest State *** [ 147.325521] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 147.351201] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 147.386539] CR3 = 0x00000000fffbc000 [ 147.396893] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 147.404626] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 147.415522] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 147.423979] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 147.437002] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.446085] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.458450] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.472361] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.492274] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.502112] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 147.517090] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 147.526755] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 147.539912] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 147.550537] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 147.557042] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 147.566205] Interruptibility = 00000000 ActivityState = 00000000 [ 147.572939] *** Host State *** [ 147.576222] RIP = 0xffffffff8116426f RSP = 0xffff888053baf9d0 [ 147.582790] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 147.589435] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 147.597337] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 147.603395] CR0=0000000080050033 CR3=0000000090752000 CR4=00000000001426f0 [ 147.610550] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 147.617212] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 147.623533] *** Control State *** [ 147.627029] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 147.633797] EntryControls=0000d1ff ExitControls=002fefff [ 147.640081] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 00:29:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) dup3(0xffffffffffffffff, r1, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:29:36 executing program 1: 00:29:36 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:36 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:36 executing program 4: 00:29:36 executing program 0: [ 147.647462] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 147.654376] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 147.661018] reason=80000021 qualification=0000000000000000 [ 147.667342] IDTVectoring: info=00000000 errcode=00000000 [ 147.673020] TSC Offset = 0xffffffadef079b6b [ 147.677363] EPT pointer = 0x00000000a4e3401e [ 147.681960] Virtual processor ID = 0x0001 00:29:36 executing program 0: 00:29:36 executing program 1: 00:29:36 executing program 4: 00:29:36 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:36 executing program 0: [ 147.769425] *** Guest State *** [ 147.775977] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:36 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 147.843226] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 147.867056] CR3 = 0x00000000fffbc000 [ 147.882579] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 147.891725] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 147.900170] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 147.907032] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 147.923137] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.932861] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.946484] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.969073] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.977313] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 147.990204] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 148.000555] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 148.012964] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 148.022752] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 148.033962] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 148.042570] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 148.053478] Interruptibility = 00000000 ActivityState = 00000000 [ 148.061415] *** Host State *** [ 148.064634] RIP = 0xffffffff8116426f RSP = 0xffff88805505f9d0 [ 148.079688] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 148.086217] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 148.108978] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 148.123689] CR0=0000000080050033 CR3=0000000090752000 CR4=00000000001426f0 [ 148.132248] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 148.139357] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 148.145536] *** Control State *** [ 148.149354] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 00:29:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r1, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:36 executing program 4: 00:29:36 executing program 1: 00:29:36 executing program 0: 00:29:36 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:36 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 148.156133] EntryControls=0000d1ff ExitControls=002fefff [ 148.162600] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 148.169843] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 148.176529] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 148.183174] reason=80000021 qualification=0000000000000000 [ 148.189761] IDTVectoring: info=00000000 errcode=00000000 [ 148.195212] TSC Offset = 0xffffffadb0ac85b3 [ 148.199674] EPT pointer = 0x00000000924aa01e [ 148.204094] Virtual processor ID = 0x0001 00:29:36 executing program 4: 00:29:36 executing program 0: 00:29:36 executing program 1: 00:29:36 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 148.303838] *** Guest State *** 00:29:36 executing program 4: [ 148.325967] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:37 executing program 0: [ 148.374919] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 148.416232] CR3 = 0x00000000fffbc000 [ 148.421413] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 148.435323] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 148.443471] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 148.452622] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 148.463179] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 148.473323] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 148.483200] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 148.501481] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 148.517236] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 148.534452] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 148.560214] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 148.580532] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 148.588767] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 148.597194] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 148.604823] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 148.613748] Interruptibility = 00000000 ActivityState = 00000000 [ 148.620248] *** Host State *** [ 148.623991] RIP = 0xffffffff8116426f RSP = 0xffff888052fc79d0 [ 148.631087] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 148.638456] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000 [ 148.646680] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 148.653182] CR0=0000000080050033 CR3=000000008f925000 CR4=00000000001426f0 [ 148.660616] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 148.667485] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 148.675992] *** Control State *** [ 148.679580] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 148.686973] EntryControls=0000d1ff ExitControls=002fefff [ 148.693495] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 148.702281] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 00:29:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r1, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:37 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:37 executing program 1: 00:29:37 executing program 4: 00:29:37 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:37 executing program 0: [ 148.709496] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 148.720013] reason=80000021 qualification=0000000000000000 [ 148.727908] IDTVectoring: info=00000000 errcode=00000000 [ 148.735220] TSC Offset = 0xffffffad66af584f [ 148.740133] EPT pointer = 0x00000000a384701e [ 148.744697] Virtual processor ID = 0x0001 00:29:37 executing program 1: 00:29:37 executing program 4: 00:29:37 executing program 0: 00:29:37 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:37 executing program 0: 00:29:37 executing program 1: [ 148.861936] *** Guest State *** [ 148.874184] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 148.893170] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 148.942621] CR3 = 0x00000000fffbc000 [ 148.962845] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 148.975075] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 148.990935] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 148.998238] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 149.006770] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.015978] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.025200] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.033945] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.043492] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.053359] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 149.063122] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 149.073463] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 149.082753] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 149.098084] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 149.104636] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 149.112446] Interruptibility = 00000000 ActivityState = 00000000 [ 149.119359] *** Host State *** [ 149.122658] RIP = 0xffffffff8116426f RSP = 0xffff88805cba79d0 [ 149.134961] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 149.144935] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 149.154769] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 149.160848] CR0=0000000080050033 CR3=00000000a778c000 CR4=00000000001426f0 [ 149.168407] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 149.175223] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 149.181423] *** Control State *** [ 149.184869] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 149.191670] EntryControls=0000d1ff ExitControls=002fefff 00:29:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r1, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:37 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:37 executing program 4: 00:29:37 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:37 executing program 0: 00:29:37 executing program 1: [ 149.197111] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 149.204128] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 149.211056] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 149.217705] reason=80000021 qualification=0000000000000000 [ 149.224033] IDTVectoring: info=00000000 errcode=00000000 [ 149.229526] TSC Offset = 0xffffffad1beed252 [ 149.233845] EPT pointer = 0x000000009ee9001e [ 149.238319] Virtual processor ID = 0x0001 00:29:37 executing program 0: 00:29:37 executing program 4: 00:29:37 executing program 1: 00:29:37 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x228, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x288) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:37 executing program 4: 00:29:38 executing program 1: [ 149.388883] *** Guest State *** [ 149.426114] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 149.454356] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 149.464427] CR3 = 0x00000000fffbc000 [ 149.473172] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 149.481693] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 149.492144] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 149.500224] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 149.512422] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.522111] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.534182] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.543706] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.556141] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 149.571743] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 149.581877] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 149.594957] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 149.604010] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 149.616967] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 149.624323] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 149.633051] Interruptibility = 00000000 ActivityState = 00000000 [ 149.639503] *** Host State *** [ 149.642834] RIP = 0xffffffff8116426f RSP = 0xffff88805b96f9d0 [ 149.649873] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 149.656386] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000 [ 149.664416] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 149.670988] CR0=0000000080050033 CR3=00000000948ce000 CR4=00000000001426f0 [ 149.678152] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 149.684813] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 149.690954] *** Control State *** [ 149.694747] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 149.701478] EntryControls=0000d1ff ExitControls=002fefff [ 149.707109] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 149.714655] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 149.721643] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 00:29:38 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) dup3(r1, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:29:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x228, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x288) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:38 executing program 1: 00:29:38 executing program 4: 00:29:38 executing program 0: 00:29:38 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 149.728323] reason=80000021 qualification=0000000000000000 [ 149.735472] IDTVectoring: info=00000000 errcode=00000000 [ 149.741481] TSC Offset = 0xffffffacd37a92b5 [ 149.745834] EPT pointer = 0x00000000a663a01e [ 149.750926] Virtual processor ID = 0x0001 00:29:38 executing program 1: 00:29:38 executing program 0: 00:29:38 executing program 4: 00:29:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x228, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x288) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:38 executing program 1: 00:29:38 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) dup3(r1, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:29:38 executing program 4: 00:29:38 executing program 0: 00:29:38 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:38 executing program 0: 00:29:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:38 executing program 1: 00:29:38 executing program 4: 00:29:38 executing program 0: 00:29:38 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) dup3(r1, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:29:38 executing program 1: 00:29:38 executing program 4: 00:29:38 executing program 0: 00:29:38 executing program 1: [ 150.027722] xt_hashlimit: overflow, try lower: 0/0 00:29:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:38 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:38 executing program 4: 00:29:38 executing program 1: 00:29:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 150.108501] xt_hashlimit: overflow, try lower: 0/0 00:29:38 executing program 0: 00:29:38 executing program 4: 00:29:38 executing program 1: 00:29:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 150.184132] xt_hashlimit: overflow, try lower: 0/0 00:29:38 executing program 1: 00:29:38 executing program 4: 00:29:38 executing program 0: 00:29:38 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 150.264845] *** Guest State *** [ 150.300820] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 150.320233] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 150.331502] CR3 = 0x00000000fffbc000 [ 150.335824] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 150.346159] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 150.354707] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 150.365947] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 150.376131] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 150.389086] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 150.400966] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 150.410739] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 150.422417] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 150.432538] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 150.444646] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 150.455540] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 150.467064] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 150.483399] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 150.496326] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 150.507865] Interruptibility = 00000000 ActivityState = 00000000 [ 150.514243] *** Host State *** [ 150.523011] RIP = 0xffffffff8116426f RSP = 0xffff8880596779d0 [ 150.531198] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 150.545345] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000 [ 150.563887] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 150.570931] CR0=0000000080050033 CR3=0000000091d88000 CR4=00000000001426e0 [ 150.582282] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 150.590428] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 150.596599] *** Control State *** [ 150.607489] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 150.633731] EntryControls=0000d1ff ExitControls=002fefff [ 150.678408] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 150.704121] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 150.711334] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 150.718681] reason=80000021 qualification=0000000000000000 [ 150.725288] IDTVectoring: info=00000000 errcode=00000000 [ 150.733191] TSC Offset = 0xffffffac5a245b68 [ 150.737841] TPR Threshold = 0x00 [ 150.741327] EPT pointer = 0x000000009b67e01e [ 150.745837] Virtual processor ID = 0x0001 00:29:39 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:39 executing program 0: 00:29:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:39 executing program 4: 00:29:39 executing program 1: 00:29:39 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:39 executing program 4: 00:29:39 executing program 1: 00:29:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:39 executing program 0: 00:29:39 executing program 1: 00:29:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x5, 0x0, 0x0, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_PIT(0xffffffffffffffff, 0xc048ae65, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) 00:29:39 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:39 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:39 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94", 0x5) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r3, &(0x7f0000001d40)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000001c0)=""/225, 0xe1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000004c0)=""/54, 0x36}, {&(0x7f0000000500)=""/100, 0x64}, {&(0x7f0000000580)=""/225, 0xe1}], 0x3}}], 0x2, 0x0, 0x0) 00:29:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newlink={0x38, 0x10, 0xe3b, 0x0, 0x0, {0xea}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe, 0x1, 'ip6gretap\x00'}, {0x4}}}]}, 0x38}}, 0x0) 00:29:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:39 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x12) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6=@rand_addr=' \x01\x00'}, 0x0, @in6=@loopback}}, 0xe8) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000002c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000002"], 0x18) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x0) 00:29:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:39 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:39 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:39 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/4111, 0x100f}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pkey_free(0xffffffffffffffff) 00:29:39 executing program 4: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x135}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 00:29:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:39 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r4 = syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x58, r4, 0x1, 0x0, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8}}}]}}]}, 0x58}}, 0x0) 00:29:39 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 151.222778] net_ratelimit: 1 callbacks suppressed [ 151.222783] ip_tables: iptables: counters copy to user failed while replacing table 00:29:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:40 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x12) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1, 0x0, 0xfffd}}, {{@in6=@rand_addr=' \x01\x00'}, 0x0, @in6=@loopback}}, 0xe8) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000002c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000002"], 0x18) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x0) 00:29:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:40 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 151.404003] ip_tables: iptables: counters copy to user failed while replacing table 00:29:40 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:40 executing program 1: connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x12) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1, 0x0, 0xfffd}, {0x0, 0x0, 0x0, 0x10000000000}}, {{@in6=@rand_addr=' \x01\x00'}, 0x0, @in6=@loopback}}, 0xe8) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 00:29:40 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f00000000c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 151.531949] ip_tables: iptables: counters copy to user failed while replacing table 00:29:42 executing program 4: openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) io_setup(0x9, &(0x7f0000000240)=0x0) connect$can_bcm(r0, &(0x7f0000000140), 0x10) socket$inet_udplite(0x2, 0x2, 0x88) io_submit(r1, 0x2, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)="0500000093c21faf16da39de706f646800580f02000000003f420f000000000000580f02000000003f420f000000000000ffffffff000000", 0x20000238}]) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000200)={0x3, 0x40, 0xfa04, {{0x6000000, 0x0, 0x0, @private1}, {0xa, 0x0, 0x0, @dev}}}, 0x48) pipe(&(0x7f0000000200)) io_submit(r1, 0x2000000000000072, &(0x7f0000000080)) 00:29:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:42 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:42 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x12) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6=@rand_addr=' \x01\x00'}, 0x0, @in6=@loopback}}, 0xe8) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000002c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000002"], 0x18) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x0) 00:29:42 executing program 0: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000001c0)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000bc0)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494febcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fd36ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132abf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bf19e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e67da57123717b2dc1ab692e577", 0x316, 0x34f9}], 0x0, 0x0) truncate(&(0x7f0000000400)='./file0\x00', 0x8) 00:29:42 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 154.219834] ip_tables: iptables: counters copy to user failed while replacing table [ 154.235113] audit: type=1800 audit(1593736182.849:9): pid=9999 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=16000 res=0 00:29:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x2, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010080000040000000020000000900010073797a300000000048000000030a1d0200000000000000000200fffe0900010073797a30000000001c0004800800024000000000080001400000000008000200000000a60900030073797a32000000002c000000000a030000000000000000e6050000000c00044000000000000000020900010073797a300000000014000000020a3b6000000000000000000000000014000000110001"], 0xd0}}, 0x0) 00:29:42 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 154.277319] MINIX-fs: mounting unchecked file system, running fsck is recommended 00:29:42 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x10, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 00:29:42 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:42 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 154.363102] attempt to access beyond end of device [ 154.380632] loop0: rw=0, want=240, limit=52 00:29:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 154.404717] ip_tables: iptables: counters copy to user failed while replacing table 00:29:43 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:43 executing program 0: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x73) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r0, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @empty}, 0x3f) sendmmsg$inet_sctp(r0, &(0x7f00000003c0), 0x3a301e0909ff6cd, 0x934) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 00:29:43 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r0}) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 154.483629] ip_tables: iptables: counters copy to user failed while replacing table 00:29:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:43 executing program 1: r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00000003c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 00:29:43 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:43 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 154.655781] ip_tables: iptables: counters copy to user failed while replacing table 00:29:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 154.851579] ip_tables: iptables: counters copy to user failed while replacing table 00:29:43 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') sendfile(r0, r1, 0x0, 0x4000000000dc) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x1, 0x1, 0xfffb, 0x0, 0x400000000}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') sendfile(0xffffffffffffffff, r2, &(0x7f00000001c0)=0x202, 0x4000000000dc) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bca019c13bd2321afb56fa54f26fb0b71d0e6adfefcf1d8f7faf75e0f226bd9174830cc8111f0e1e659b93176d179c67960717142fa9ea4318123741c0a0e168c18527d0fe39b819c9f687b81d9345c652fbc16ee988e6e0dc8cedf38eb9fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e3e9a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4b3449abe802f5abd4048d3b0095050d006b65043e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee207d2f73902fbcfcf49822775985bf31b715f1888b24efa00000000000000000000000066698ea600000000000006cf363b69bec2287ef19d6c9e3e00000200000000000000bf84fd1fb0f8ad28277b00000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7f82776b41cf41a951f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c54abf112874ec309baed0495f06d058a73650d6fe048ba6866adebab53168770a71ad901ace383e41d277b10392a912ffaf6f658f3f9cd16286744f839c3f128f8f92c1b3f97a297c9ee0c8a868a353409e34d3e82279f0ffffff5ad380a447483ca8394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06dddeb61799257ab45ff413c86ba9affb12ec757c7234c270246c878d01160e6c07765708617432d821fe8cbf6cf8809c3a0d462357b225154dd0a2768e825972ea3b77641467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cc1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e856050000e56e9cfad973347d0de7ba4754ff231a1b933d8f931ba3552b2c7c503f3d0e7ab0e958ada862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2af79b8d4c2bf0f7a4ab032dad13407b82e6044f643fc8cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c9e8b55132d2af8c5e13d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e5a9ff740edce86153c950942e367a1a7506d35e5eb7088aeda890cf8a4a6f31ba6d9b8cb028f935bdcbb29fd0f1a342c9eed00000000abe7ad8452a0b6c91996d65da6c24a702a86c814459f3cdaaf99912c427f6516b233785f0a15c2a3169f38a77610dc0c236db35b61d4ab333ee8bf7b11af4cca38c2af87e20edb633eba2f2d82050ca3b454d391d4ce867728f45941d60b05b4bef26dcbeede232c8850152a19ac73560dfb3200000000000000000000cbd159be8db3bcc7bccb055770c0e0ba2c2e078a70c1bf43a3883c5bc1dc2813ed8a36849674e6ce9d265538b592310b41f8e8c6f28885971b1001fa5c4e703a6386e05e18aef5e8f4eba374d3420c2c1f968cbeb62a3af9b0e3b7ded59ff9a43be96dbb4c62a6f8f428c3a122df3149e4d60eb57c31d76e612ec011aa1aa6e98e060d87b6c0dd44d1a1701bbfb30353d149baaa87cfa3ce7b8342332eda85834b7ee93512f6a3199d7e5cfbf415c3380360120000000000000000000000000000000000020000002d6a44bc6936c92856324fe31e14e84161a26ede13d6579ea0232c09e685221de7aab1f90506e93f1cf599a7a70e818f2b3a86069681ca853ef9e8fb951748c2751ed8c13800ccf0beff1b710d6c6a8d69111a84f70284ce05af295cbb51486f6f8c78fb5e21086b687ad73443e311a9297b57d931b4ebf524e89e41a78b971bed782d3681028c392e0580b865415bea4b7d334236c512c05517fe7882dd2a4d2f3d946d08017935e868ae07d23cc223445872870860e906fd1c32ae97fafbfbe20c186a93cee0e7d5fff38bd4492eecca66037e805bea6f951f91176c48d1e30038b33ac045851df888928b71eced92822587c9e3b1ea3ea17addafc5774f07fedae75cdf2f5c72e6c67862ed2632800a2d866c2484e12a974189ac32bcac226fac5577a6ee887b7be3a7e66208ed9591386e3c0be6eaa98e6e10116d251cc9acb7e1d5d348a7572ed99c1333498f25511a00"/1804], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r3, 0xc0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x3d) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r4}, 0xc) r5 = getpid() sched_setscheduler(r5, 0x5, &(0x7f0000000380)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r5, r2, 0x0, 0x6, &(0x7f0000000100)='<\xa9\x91\xa2w\x90', r4}, 0x30) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0xbc, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x611ed, 0x24809}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6gre={{0xb, 0x1, 'ip6gre\x00'}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @dev}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0xf0a8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x2}, @IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @gretap={{0xb, 0x1, 'gretap\x00'}, {0x40, 0x2, 0x0, 0x1, [@IFLA_GRE_OKEY={0x8, 0x5, 0x2}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0x5}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0xbd169}, @IFLA_GRE_ERSPAN_DIR={0x5, 0x17, 0x1}, @IFLA_GRE_TOS={0x5, 0x9, 0xfc}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x6}, @IFLA_GRE_REMOTE={0x8, 0x7, @loopback}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0xeb8c}]}, 0xbc}}, 0x0) 00:29:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:43 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000480)={&(0x7f0000ab8000/0x3000)=nil, 0x3000}, 0x0) r0 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000fff000/0x1000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff) 00:29:43 executing program 0: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x73) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r0, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @empty}, 0x3f) sendmmsg$inet_sctp(r0, &(0x7f00000003c0), 0x3a301e0909ff6cd, 0x934) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 00:29:43 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:29:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 155.006968] ip_tables: iptables: counters copy to user failed while replacing table [ 155.010645] audit: type=1800 audit(1593736183.619:10): pid=10113 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed" comm="syz-executor.1" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 00:29:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:43 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:43 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 155.173252] ip_tables: iptables: counters copy to user failed while replacing table 00:29:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 155.229652] *** Guest State *** 00:29:43 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:43 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') sendfile(r0, r1, 0x0, 0x4000000000dc) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x1, 0x1, 0xfffb, 0x0, 0x400000000}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') sendfile(0xffffffffffffffff, r2, &(0x7f00000001c0)=0x202, 0x4000000000dc) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bca019c13bd2321afb56fa54f26fb0b71d0e6adfefcf1d8f7faf75e0f226bd9174830cc8111f0e1e659b93176d179c67960717142fa9ea4318123741c0a0e168c18527d0fe39b819c9f687b81d9345c652fbc16ee988e6e0dc8cedf38eb9fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e3e9a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4b3449abe802f5abd4048d3b0095050d006b65043e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee207d2f73902fbcfcf49822775985bf31b715f1888b24efa00000000000000000000000066698ea600000000000006cf363b69bec2287ef19d6c9e3e00000200000000000000bf84fd1fb0f8ad28277b00000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7f82776b41cf41a951f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c54abf112874ec309baed0495f06d058a73650d6fe048ba6866adebab53168770a71ad901ace383e41d277b10392a912ffaf6f658f3f9cd16286744f839c3f128f8f92c1b3f97a297c9ee0c8a868a353409e34d3e82279f0ffffff5ad380a447483ca8394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06dddeb61799257ab45ff413c86ba9affb12ec757c7234c270246c878d01160e6c07765708617432d821fe8cbf6cf8809c3a0d462357b225154dd0a2768e825972ea3b77641467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cc1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e856050000e56e9cfad973347d0de7ba4754ff231a1b933d8f931ba3552b2c7c503f3d0e7ab0e958ada862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2af79b8d4c2bf0f7a4ab032dad13407b82e6044f643fc8cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c9e8b55132d2af8c5e13d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e5a9ff740edce86153c950942e367a1a7506d35e5eb7088aeda890cf8a4a6f31ba6d9b8cb028f935bdcbb29fd0f1a342c9eed00000000abe7ad8452a0b6c91996d65da6c24a702a86c814459f3cdaaf99912c427f6516b233785f0a15c2a3169f38a77610dc0c236db35b61d4ab333ee8bf7b11af4cca38c2af87e20edb633eba2f2d82050ca3b454d391d4ce867728f45941d60b05b4bef26dcbeede232c8850152a19ac73560dfb3200000000000000000000cbd159be8db3bcc7bccb055770c0e0ba2c2e078a70c1bf43a3883c5bc1dc2813ed8a36849674e6ce9d265538b592310b41f8e8c6f28885971b1001fa5c4e703a6386e05e18aef5e8f4eba374d3420c2c1f968cbeb62a3af9b0e3b7ded59ff9a43be96dbb4c62a6f8f428c3a122df3149e4d60eb57c31d76e612ec011aa1aa6e98e060d87b6c0dd44d1a1701bbfb30353d149baaa87cfa3ce7b8342332eda85834b7ee93512f6a3199d7e5cfbf415c3380360120000000000000000000000000000000000020000002d6a44bc6936c92856324fe31e14e84161a26ede13d6579ea0232c09e685221de7aab1f90506e93f1cf599a7a70e818f2b3a86069681ca853ef9e8fb951748c2751ed8c13800ccf0beff1b710d6c6a8d69111a84f70284ce05af295cbb51486f6f8c78fb5e21086b687ad73443e311a9297b57d931b4ebf524e89e41a78b971bed782d3681028c392e0580b865415bea4b7d334236c512c05517fe7882dd2a4d2f3d946d08017935e868ae07d23cc223445872870860e906fd1c32ae97fafbfbe20c186a93cee0e7d5fff38bd4492eecca66037e805bea6f951f91176c48d1e30038b33ac045851df888928b71eced92822587c9e3b1ea3ea17addafc5774f07fedae75cdf2f5c72e6c67862ed2632800a2d866c2484e12a974189ac32bcac226fac5577a6ee887b7be3a7e66208ed9591386e3c0be6eaa98e6e10116d251cc9acb7e1d5d348a7572ed99c1333498f25511a00"/1804], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r3, 0xc0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x3d) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r4}, 0xc) r5 = getpid() sched_setscheduler(r5, 0x5, &(0x7f0000000380)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r5, r2, 0x0, 0x6, &(0x7f0000000100)='<\xa9\x91\xa2w\x90', r4}, 0x30) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0xbc, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x611ed, 0x24809}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6gre={{0xb, 0x1, 'ip6gre\x00'}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @dev}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0xf0a8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x2}, @IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @gretap={{0xb, 0x1, 'gretap\x00'}, {0x40, 0x2, 0x0, 0x1, [@IFLA_GRE_OKEY={0x8, 0x5, 0x2}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0x5}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0xbd169}, @IFLA_GRE_ERSPAN_DIR={0x5, 0x17, 0x1}, @IFLA_GRE_TOS={0x5, 0x9, 0xfc}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x6}, @IFLA_GRE_REMOTE={0x8, 0x7, @loopback}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0xeb8c}]}, 0xbc}}, 0x0) 00:29:43 executing program 0: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x73) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r0, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @empty}, 0x3f) sendmmsg$inet_sctp(r0, &(0x7f00000003c0), 0x3a301e0909ff6cd, 0x934) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 00:29:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 155.253327] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:43 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, 0x0) [ 155.313172] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 00:29:44 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 155.374118] CR3 = 0x00000000fffbc000 [ 155.392728] RSP = 0x0000000000000000 RIP = 0x0000000000000000 00:29:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:44 executing program 0: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 00:29:44 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 155.438536] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 155.478324] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 155.519861] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 155.543366] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 155.565990] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 155.584848] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 155.611940] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 155.620582] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 155.635644] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 155.645575] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 155.662284] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 155.671319] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 155.688010] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 155.695830] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 155.705335] Interruptibility = 00000000 ActivityState = 00000000 [ 155.713704] *** Host State *** [ 155.718235] RIP = 0xffffffff8116426f RSP = 0xffff88805fb6f9d0 [ 155.725780] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 155.735449] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 155.751296] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 155.762496] CR0=0000000080050033 CR3=000000008d42e000 CR4=00000000001426f0 [ 155.774188] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 155.787606] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 155.795020] *** Control State *** [ 155.800134] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 155.809160] EntryControls=0000d1ff ExitControls=002fefff [ 155.821714] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 155.831906] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 155.856021] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 155.865550] reason=80000021 qualification=0000000000000000 [ 155.890567] IDTVectoring: info=00000000 errcode=00000000 [ 155.908366] TSC Offset = 0xffffffa9b0eb6be7 [ 155.935651] EPT pointer = 0x0000000087e8801e [ 155.955379] Virtual processor ID = 0x0001 00:29:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:44 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, 0x0) 00:29:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:44 executing program 0: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 00:29:44 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:44 executing program 4: open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 00:29:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:29:44 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:44 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3da, 0x68000000) [ 156.113956] *** Guest State *** [ 156.129673] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:44 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)='fS\a\x00\x00', 0x5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:29:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, 0x0, 0x0, 0x0) [ 156.170372] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 156.208332] CR3 = 0x00000000fffbc000 00:29:44 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, 0x0) [ 156.220533] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 156.242812] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 156.262899] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 156.276888] net_ratelimit: 5 callbacks suppressed [ 156.276893] ip_tables: iptables: counters copy to user failed while replacing table [ 156.280688] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 156.321012] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.336685] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.355511] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.370211] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.379860] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.391644] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 156.416198] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 156.434446] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 156.453065] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 156.462104] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 156.473518] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 156.493692] Interruptibility = 00000000 ActivityState = 00000000 [ 156.500150] *** Host State *** [ 156.503520] RIP = 0xffffffff8116426f RSP = 0xffff88805d4d79d0 [ 156.510883] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 156.518036] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000 [ 156.525840] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 156.532437] CR0=0000000080050033 CR3=00000000a0eb5000 CR4=00000000001426e0 [ 156.540005] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 156.546720] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 156.552886] *** Control State *** [ 156.556348] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 156.563070] EntryControls=0000d1ff ExitControls=002fefff 00:29:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r1, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:45 executing program 0: open$dir(0x0, 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 00:29:45 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:45 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, 0x0, 0x0, 0x0) 00:29:45 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) [ 156.568640] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 156.575554] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 156.582293] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 156.589012] reason=80000021 qualification=0000000000000000 [ 156.595318] IDTVectoring: info=00000000 errcode=00000000 [ 156.601976] TSC Offset = 0xffffffa9378a5ec3 [ 156.606300] EPT pointer = 0x00000000a171e01e [ 156.610774] Virtual processor ID = 0x0001 [ 156.666153] ip_tables: iptables: counters copy to user failed while replacing table [ 156.684996] *** Guest State *** 00:29:45 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:45 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2000000088) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) sendto$inet(r0, &(0x7f00000002c0)="5814a859a2bba6dc87135fa6c5d1a53d3b061d1c4fcf538bc8eaa3bb682659b7ec8f4396a23e8dbb3f42e5083352e8189b3439d3f65c3d5ffe7211a2a27aac1f3817a18387", 0x45, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000100)=""/77, 0x4d}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 00:29:45 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmmsg(r1, 0x0, 0x0, 0x0) [ 156.715285] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:45 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) [ 156.761460] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 156.771278] CR3 = 0x00000000fffbc000 [ 156.775418] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 156.796001] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 156.815122] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 156.828635] ip_tables: iptables: counters copy to user failed while replacing table [ 156.837019] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 156.856922] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.902969] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.914739] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.929939] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.947775] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 156.956819] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 156.965728] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 156.973848] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 156.982070] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 156.990417] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 156.996927] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 157.006791] Interruptibility = 00000000 ActivityState = 00000000 [ 157.013449] *** Host State *** [ 157.016731] RIP = 0xffffffff8116426f RSP = 0xffff88805c76f9d0 [ 157.022803] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 157.029840] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000 [ 157.037894] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 157.043778] CR0=0000000080050033 CR3=00000000a19e1000 CR4=00000000001426f0 [ 157.050857] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 157.057591] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 157.063628] *** Control State *** [ 157.067064] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 157.073797] EntryControls=0000d1ff ExitControls=002fefff [ 157.079512] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 157.086429] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 157.093153] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 157.099807] reason=80000021 qualification=0000000000000000 [ 157.106210] IDTVectoring: info=00000000 errcode=00000000 [ 157.111807] TSC Offset = 0xffffffa8e904ca96 [ 157.116120] EPT pointer = 0x0000000090c5f01e [ 157.120695] Virtual processor ID = 0x0001 00:29:47 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') r2 = socket$unix(0x1, 0x2, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4}}}, 0x108) preadv(r1, &(0x7f0000000200)=[{&(0x7f0000000140)=""/96, 0x60}], 0x1, 0xb4) 00:29:47 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:47 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000140)=@req3={0x410000, 0x8, 0x210000, 0x8}, 0x1c) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000080), 0x4) close(r2) 00:29:47 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:29:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r1, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 00:29:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:29:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 159.293399] *** Guest State *** 00:29:47 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x2, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c0000001000010800"/20, @ANYRES32=r2, @ANYBLOB="000000000000000014001680100001800c00030000000081"], 0x3c}}, 0x0) 00:29:48 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) 00:29:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 159.316775] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 159.340266] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 159.405776] CR3 = 0x00000000fffbc000 [ 159.413505] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 159.428012] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 159.443681] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 00:29:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:48 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) 00:29:48 executing program 1: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 159.464282] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 159.480035] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 159.492422] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 159.504051] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 159.544914] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 159.566456] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:29:48 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x40000008, 0x4) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503d03206023e0001a00000c513f7c25975e697b02f08066b2b2ff0dac8897c6b06876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 159.596157] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 159.631288] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 159.643985] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 159.655456] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 159.681411] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 159.693135] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 159.706058] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 159.713986] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 159.730909] Interruptibility = 00000000 ActivityState = 00000000 [ 159.738632] *** Host State *** [ 159.741988] RIP = 0xffffffff8116426f RSP = 0xffff88805420f9d0 [ 159.752219] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 159.760964] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 159.772156] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 159.784469] CR0=0000000080050033 CR3=0000000095af4000 CR4=00000000001426f0 [ 159.801364] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 159.808495] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 159.814670] *** Control State *** [ 159.818864] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 159.825610] EntryControls=0000d1ff ExitControls=002fefff [ 159.837106] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 159.844068] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 00:29:48 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x1c, 0x23, 0x829, 0x0, 0x0, {0x2804, 0xe00000000000000}, [@typed={0x5, 0x11, 0x0, 0x0, @binary="b6"}]}, 0x1c}, 0x1, 0x60}, 0x0) 00:29:48 executing program 1: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) dup3(r2, r1, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 159.851501] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 159.858980] reason=80000021 qualification=0000000000000000 [ 159.866446] IDTVectoring: info=00000000 errcode=00000000 [ 159.873519] TSC Offset = 0xffffffa7838f45f3 [ 159.880021] EPT pointer = 0x000000008710801e [ 159.885929] Virtual processor ID = 0x0001 [ 159.972255] *** Guest State *** [ 159.975653] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 159.985975] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 160.000310] CR3 = 0x00000000fffbc000 [ 160.006942] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 160.013594] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 160.019820] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 160.027053] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 160.035476] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 160.045638] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 160.054577] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 160.065101] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 160.073828] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 160.083743] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 160.094097] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 160.103007] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 160.112094] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 160.120415] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 160.126922] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 160.134687] Interruptibility = 00000000 ActivityState = 00000000 [ 160.141053] *** Host State *** [ 160.144263] RIP = 0xffffffff8116426f RSP = 0xffff888059d8f9d0 [ 160.150277] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 160.156817] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 160.167211] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 160.173200] CR0=0000000080050033 CR3=00000000a4bc6000 CR4=00000000001426f0 [ 160.181638] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 160.189762] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 160.196017] *** Control State *** [ 160.200369] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 160.207185] EntryControls=0000d1ff ExitControls=002fefff [ 160.212976] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 160.220422] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 160.227578] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 160.234777] reason=80000021 qualification=0000000000000000 [ 160.242095] IDTVectoring: info=00000000 errcode=00000000 [ 160.248766] TSC Offset = 0xffffffa726f4abef [ 160.253363] EPT pointer = 0x000000009299401e [ 160.257849] Virtual processor ID = 0x0001 00:29:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:29:50 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) 00:29:50 executing program 4: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000001c0)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000bc0)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494febcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fd36ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132abf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bf19e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e67da57123717b2dc1ab692e577bf45b121", 0x31a, 0x34f9}], 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:29:50 executing program 1: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000070603000000000000000000000000000500010006"], 0x1c}}, 0x0) 00:29:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:50 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140), 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:50 executing program 3: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/4111, 0x100f}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_THP_DISABLE(0x29, 0x0) pkey_free(0xffffffffffffffff) [ 162.283044] audit: type=1800 audit(1593736190.900:11): pid=10420 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=16047 res=0 [ 162.299173] MINIX-fs: mounting unchecked file system, running fsck is recommended 00:29:51 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140), 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 162.361252] *** Guest State *** [ 162.374626] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:51 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2}) 00:29:51 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140), 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 162.429716] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 162.457720] Process accounting resumed [ 162.464100] CR3 = 0x00000000fffbc000 00:29:51 executing program 4: r0 = getpgid(0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) process_vm_readv(r0, &(0x7f0000000bc0)=[{&(0x7f0000000b40)=""/123, 0x7ffff000}], 0x27a, &(0x7f0000002f80)=[{&(0x7f0000000c00)=""/215, 0x7ffff000}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) [ 162.506732] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 162.532213] Process accounting resumed [ 162.541723] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 162.553220] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 162.574950] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 162.586307] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 162.639336] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 162.672272] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 162.697028] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 162.722287] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 162.736248] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 162.756285] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 162.774144] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 162.791470] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 162.804775] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 162.820374] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 162.845038] Interruptibility = 00000000 ActivityState = 00000000 [ 162.868820] *** Host State *** [ 162.873837] RIP = 0xffffffff8116426f RSP = 0xffff88805a2679d0 [ 162.922463] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 162.945814] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 162.971281] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 162.981153] CR0=0000000080050033 CR3=0000000092623000 CR4=00000000001426e0 [ 162.995487] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 163.006228] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 163.017028] *** Control State *** [ 163.022333] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 163.034998] EntryControls=0000d1ff ExitControls=002fefff [ 163.044424] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 163.058473] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 163.072037] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 163.083220] reason=80000021 qualification=0000000000000000 [ 163.097067] IDTVectoring: info=00000000 errcode=00000000 [ 163.105141] TSC Offset = 0xffffffa5df9e5cfa [ 163.111377] EPT pointer = 0x000000008806201e [ 163.117805] Virtual processor ID = 0x0001 00:29:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:29:53 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2}) 00:29:53 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:53 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) io_setup(0x9, &(0x7f0000000240)=0x0) connect$can_bcm(r0, &(0x7f0000000140), 0x10) io_submit(0x0, 0x2, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)="0500000093c21faf16da39de706f646800580f02000000003f420f000000000000580f02000000003f420f000000000000ffffffff000000", 0x20000238}]) pipe(&(0x7f0000000200)) io_submit(r1, 0x2000000000000072, &(0x7f0000000080)) 00:29:53 executing program 3: 00:29:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:53 executing program 3: 00:29:53 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:54 executing program 3: 00:29:54 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:54 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2}) 00:29:54 executing program 4: [ 165.411289] *** Guest State *** [ 165.443654] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 165.470488] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 165.496950] CR3 = 0x00000000fffbc000 [ 165.515606] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 165.525490] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 165.542932] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 165.560653] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 165.601833] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 165.612026] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 165.628505] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 165.642044] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 165.659676] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 165.674300] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 165.684913] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 165.694270] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 165.703866] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 165.713719] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 165.721527] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 165.729699] Interruptibility = 00000000 ActivityState = 00000000 [ 165.735966] *** Host State *** [ 165.740273] RIP = 0xffffffff8116426f RSP = 0xffff888058cf79d0 [ 165.747517] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 165.754132] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 165.762774] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 165.769426] CR0=0000000080050033 CR3=00000000a1261000 CR4=00000000001426f0 [ 165.778130] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 165.784818] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 165.791575] *** Control State *** [ 165.795123] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 165.802905] EntryControls=0000d1ff ExitControls=002fefff [ 165.808825] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 165.815926] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 165.823415] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 165.831125] reason=80000021 qualification=0000000000000000 [ 165.838121] IDTVectoring: info=00000000 errcode=00000000 [ 165.844217] TSC Offset = 0xffffffa43df6cce3 [ 165.849520] EPT pointer = 0x00000000a5a3801e [ 165.854618] Virtual processor ID = 0x0001 00:29:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:29:56 executing program 3: 00:29:56 executing program 4: 00:29:56 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:56 executing program 2: 00:29:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:29:56 executing program 3: 00:29:57 executing program 4: 00:29:57 executing program 2: 00:29:57 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:57 executing program 3: [ 168.378225] *** Guest State *** [ 168.396523] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:29:57 executing program 4: [ 168.436611] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 168.460733] CR3 = 0x00000000fffbc000 [ 168.464789] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 168.473357] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 168.480807] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 168.497376] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 168.507292] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 168.522539] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 168.534194] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 168.543965] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 168.555432] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 168.575078] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 168.584135] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 168.595763] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 168.612927] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 168.622805] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 168.634496] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 168.646238] Interruptibility = 00000000 ActivityState = 00000000 [ 168.661101] *** Host State *** [ 168.664685] RIP = 0xffffffff8116426f RSP = 0xffff88805792f9d0 [ 168.672858] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 168.682729] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000 [ 168.694930] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 168.703553] CR0=0000000080050033 CR3=00000000898da000 CR4=00000000001426e0 [ 168.712197] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 168.720182] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 168.728283] *** Control State *** [ 168.732417] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 168.740779] EntryControls=0000d1ff ExitControls=002fefff [ 168.747524] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 168.757188] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 168.766663] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 168.776323] reason=80000021 qualification=0000000000000000 [ 168.784695] IDTVectoring: info=00000000 errcode=00000000 [ 168.790689] TSC Offset = 0xffffffa2a63cc057 [ 168.795147] EPT pointer = 0x000000004d52e01e [ 168.799633] Virtual processor ID = 0x0001 00:29:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) 00:29:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:29:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:29:59 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:29:59 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000340)={[{@nfs_export_on='nfs_export=on'}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}]}) 00:29:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:00 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 171.394815] overlayfs: unrecognized mount option "nfs_export=on" or missing value 00:30:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:00 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 171.471340] *** Guest State *** [ 171.476462] overlayfs: unrecognized mount option "nfs_export=on" or missing value 00:30:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:00 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x400000000}, 0x20) [ 171.514240] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 171.544002] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 171.591822] CR3 = 0x00000000fffbc000 [ 171.615824] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 171.640134] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 171.661611] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 171.696771] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 171.712427] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 171.723753] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 171.733536] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 171.742434] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 171.756019] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 171.769099] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 171.781580] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 171.800422] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 171.809342] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 171.818739] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 171.825444] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 171.847152] Interruptibility = 00000000 ActivityState = 00000000 [ 171.880293] *** Host State *** [ 171.887968] RIP = 0xffffffff8116426f RSP = 0xffff88804eb8f9d0 [ 171.902760] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 171.920516] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 171.930117] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 171.940660] CR0=0000000080050033 CR3=000000008aeb2000 CR4=00000000001426e0 [ 171.950769] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 171.958973] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 171.967492] *** Control State *** [ 171.971695] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 171.980515] EntryControls=0000d1ff ExitControls=002fefff [ 171.988102] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 171.996330] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 172.005182] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 172.012669] reason=80000021 qualification=0000000000000000 [ 172.020623] IDTVectoring: info=00000000 errcode=00000000 [ 172.027983] TSC Offset = 0xffffffa0ffe8204b [ 172.034217] TPR Threshold = 0x00 [ 172.039884] EPT pointer = 0x0000000084aa901e [ 172.044546] Virtual processor ID = 0x0001 00:30:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:03 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:30:03 executing program 4: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070000053c0531d37627057964f667e107f0bd874494451055d67b5bf758112fd6f5227f8c1a40c6bc124249793bc0114fd21a1cf9e8dedca0bb17d6bb134e186a947f65621cdffc6075b3eeff630a426cbb1f5aafd4f9b4126f9b6d3fc522b15b5631336bd88b2e97a6f5ca2783dc5dbe522b54324078bd5ff3f83290983ef9fbc9d2f43bc7d5742b856365055ed7367c6ad45e122d4bce6001d10c94669d1836ebd020f592658d9f2432336d4b2c72cc2b0be21f43272a6e405bc7d59de54b1592db503f082bd2519f211877040ca2f1edbc8fc2922e14a4d1167a42c01725fe6b868ebeb5cafdffffffff656f58d80c3b9b73ee9dfeb96bcb0062c22fde3e35028eeda3ff954c9e3b119de93f295483c4b8777970d1288448a8b55dc71c041543be5ed8978f64", 0x12a}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "3bbbf3", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0) 00:30:03 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 174.413970] ptrace attach of "/root/syz-executor.4"[10667] was attempted by "/root/syz-executor.4"[10671] 00:30:03 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:30:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 174.512661] *** Guest State *** [ 174.528528] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 174.542678] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 00:30:03 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 174.563748] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 174.590177] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 174.604001] CR3 = 0x00000000fffbc000 [ 174.613192] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 174.626815] syz-executor.4 (10697) used greatest stack depth: 23616 bytes left [ 174.639104] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 174.667683] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 174.675606] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 174.691209] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 174.700468] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 174.712091] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 174.722287] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 174.731860] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 174.741530] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 174.750070] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 174.759488] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 174.769229] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 174.780226] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 174.787483] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 174.797404] Interruptibility = 00000000 ActivityState = 00000000 [ 174.804554] *** Host State *** [ 174.808697] RIP = 0xffffffff8116426f RSP = 0xffff8880559679d0 [ 174.816513] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 174.823818] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 174.832981] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 174.839238] CR0=0000000080050033 CR3=00000000a910c000 CR4=00000000001426e0 [ 174.847852] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 174.854840] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 174.861910] *** Control State *** [ 174.865486] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 174.872972] EntryControls=0000d1ff ExitControls=002fefff [ 174.879190] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 174.887244] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 174.902447] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 174.910626] reason=80000021 qualification=0000000000000000 [ 174.918140] IDTVectoring: info=00000000 errcode=00000000 [ 174.929514] TSC Offset = 0xffffff9f5dae1a78 [ 174.935276] TPR Threshold = 0x00 [ 174.941706] EPT pointer = 0x00000000a8fc501e [ 174.961039] Virtual processor ID = 0x0001 00:30:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:06 executing program 4: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="7000000010001f0700"/20, @ANYRES32=0x0, @ANYBLOB="1f00000000140000480012800b00010062726964676500003800028008001c00050000000500260001000000050019007e73000005002b0002"], 0x70}}, 0x0) r0 = socket(0x6000000000010, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x492492492492778, 0x0) 00:30:06 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:30:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:06 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 177.472640] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 177.505201] *** Guest State *** 00:30:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 177.516666] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 177.522046] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 177.531471] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 177.551190] CR3 = 0x00000000fffbc000 [ 177.555135] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 177.562603] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 177.574293] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 177.582664] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 177.602783] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:06 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) [ 177.617737] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 177.635816] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 177.657558] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 00:30:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = eventfd(0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 177.673807] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 177.689768] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:06 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x2c, 0x200047b8, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) sendto$inet(r0, &(0x7f0000000000)="1b", 0x1, 0x0, 0x0, 0x0) close(r0) [ 177.725678] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 177.734562] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 177.753374] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 177.775672] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 177.785263] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 177.797751] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 177.805134] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 177.832180] Interruptibility = 00000000 ActivityState = 00000000 [ 177.839704] *** Host State *** [ 177.842980] RIP = 0xffffffff8116426f RSP = 0xffff8880600779d0 [ 177.850646] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 177.857665] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 177.865756] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 177.874988] CR0=0000000080050033 CR3=00000000946f5000 CR4=00000000001426e0 [ 177.882651] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 177.890315] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 177.896990] *** Control State *** [ 177.900515] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 177.908287] EntryControls=0000d1ff ExitControls=002fefff [ 177.914063] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 177.922011] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 177.929482] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 177.936387] reason=80000021 qualification=0000000000000000 [ 177.944196] IDTVectoring: info=00000000 errcode=00000000 [ 177.950202] TSC Offset = 0xffffff9dc3145ba4 [ 177.954832] TPR Threshold = 0x00 [ 177.959397] EPT pointer = 0x000000008c70c01e [ 177.963866] Virtual processor ID = 0x0001 00:30:09 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x68000000) 00:30:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:09 executing program 4: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000580)='keyring\x00', &(0x7f00000005c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$clear(0x7, r0) 00:30:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = eventfd(0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, 0x0) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = eventfd(0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:09 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:09 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3da, 0x68000000) [ 180.573742] *** Guest State *** 00:30:09 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x4, 0x1104082) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ec0)=ANY=[@ANYBLOB="02002bbd7000"], 0x3}}, 0x10) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, 0x0, 0x2000000) sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0) socket(0x10, 0x2, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x48, 0x0, 0x10, 0x0, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc}, @NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x9}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x6}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x0) memfd_create(0x0, 0x0) 00:30:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)) r6 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x3}) 00:30:09 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3da, 0x68000000) [ 180.599017] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 180.663312] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 180.694908] CR3 = 0x00000000fffbc000 00:30:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)) r6 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x3}) [ 180.713351] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 180.751317] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 180.757913] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 180.764588] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 180.798862] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 180.807773] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 180.815740] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 180.824591] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 180.844452] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 180.853043] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 180.865313] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 180.874497] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 180.887050] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 180.895519] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 180.906307] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 180.915457] Interruptibility = 00000000 ActivityState = 00000000 [ 180.926070] *** Host State *** [ 180.931999] RIP = 0xffffffff8116426f RSP = 0xffff88805df8f9d0 [ 180.947966] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 180.955667] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000 [ 180.964480] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 180.970667] CR0=0000000080050033 CR3=0000000088583000 CR4=00000000001426f0 [ 180.984463] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 180.991697] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 180.999521] *** Control State *** [ 181.006120] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 181.027982] EntryControls=0000d1ff ExitControls=002fefff [ 181.033720] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 181.044220] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 181.054444] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 181.064539] reason=80000021 qualification=0000000000000000 [ 181.075083] IDTVectoring: info=00000000 errcode=00000000 [ 181.082266] TSC Offset = 0xffffff9c1f3c4dd0 [ 181.093316] TPR Threshold = 0x00 [ 181.100257] EPT pointer = 0x000000009bb8b01e [ 181.105049] Virtual processor ID = 0x0001 00:30:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:12 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:12 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3da, 0x68000000) 00:30:12 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x4, 0x1104082) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, 0x0, 0x2000000) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r1 = memfd_create(0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) 00:30:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)) r6 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x3}) 00:30:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, 0x0) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:12 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:12 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, 0x0, 0x0, 0x68000000) 00:30:12 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x37}}}, 0x1c) recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000280)=@alg, 0x80, 0x0}}], 0x1, 0x0, 0x0) 00:30:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 183.614035] *** Guest State *** 00:30:12 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, 0x0, 0x0, 0x68000000) [ 183.651459] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 183.678409] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 00:30:12 executing program 4: [ 183.700167] CR3 = 0x00000000fffbc000 [ 183.705723] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 183.719359] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 183.725852] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 183.774204] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 183.802228] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 183.814772] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 183.824200] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 183.838573] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 183.847284] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 183.856252] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 183.865149] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 183.874699] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 183.885902] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 183.894443] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 183.901573] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 183.910243] Interruptibility = 00000000 ActivityState = 00000000 [ 183.917323] *** Host State *** [ 183.920766] RIP = 0xffffffff8116426f RSP = 0xffff88805bc0f9d0 [ 183.928407] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 183.936245] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 183.944850] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 183.952290] CR0=0000000080050033 CR3=00000000a58e6000 CR4=00000000001426e0 [ 183.960368] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 183.968654] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 183.975241] *** Control State *** [ 183.979697] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 183.988479] EntryControls=0000d1ff ExitControls=002fefff [ 183.994249] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 184.004374] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 184.011930] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 184.019324] reason=80000021 qualification=0000000000000000 [ 184.027925] IDTVectoring: info=00000000 errcode=00000000 [ 184.033656] TSC Offset = 0xffffff9a7e532bab [ 184.039155] TPR Threshold = 0x00 [ 184.043211] EPT pointer = 0x000000008f5ba01e [ 184.049189] Virtual processor ID = 0x0001 00:30:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(0xffffffffffffffff, r3, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) 00:30:15 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, 0x0, 0x0, 0x68000000) 00:30:15 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:15 executing program 4: 00:30:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, 0x0) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:15 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'bridge0\x00'}, 0x18) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) 00:30:15 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x0) 00:30:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(0xffffffffffffffff, r3, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) 00:30:15 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 186.654558] *** Guest State *** [ 186.675828] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0 [ 186.707334] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 186.716885] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 00:30:15 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x0) 00:30:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(0xffffffffffffffff, r3, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) [ 186.725992] CR3 = 0x00000000fffbc000 [ 186.729995] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 186.769727] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 186.786372] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 186.802063] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 186.820804] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 186.838014] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 186.854943] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 186.872071] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 186.886319] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 186.894440] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 186.907064] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 186.915223] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 186.923730] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 186.932026] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 186.939188] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 186.947067] Interruptibility = 00000000 ActivityState = 00000000 [ 186.953542] *** Host State *** [ 186.957222] RIP = 0xffffffff8116426f RSP = 0xffff88805d8f79d0 [ 186.963357] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 186.970015] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000 [ 186.978022] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 186.984378] CR0=0000000080050033 CR3=0000000092a4a000 CR4=00000000001426f0 [ 186.995531] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 187.003060] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 187.019745] *** Control State *** [ 187.031490] PinBased=0000003f CPUBased=b6a1edfe SecondaryExec=000000e3 [ 187.041930] EntryControls=0000d1ff ExitControls=002fefff [ 187.052020] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 187.062039] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 187.069820] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 187.076586] reason=80000021 qualification=0000000000000000 [ 187.082985] IDTVectoring: info=00000000 errcode=00000000 [ 187.088583] TSC Offset = 0xffffff98dee29fd9 [ 187.093189] TPR Threshold = 0x00 [ 187.096685] EPT pointer = 0x00000000910ff01e [ 187.101099] Virtual processor ID = 0x0001 00:30:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:18 executing program 4: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffee9, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000906010100000000000000000000000005000100060000800c00078008000940fe0000040900020073797a30"], 0x1}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x45fe5, 0x0) 00:30:18 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:18 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x0) 00:30:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(0xffffffffffffffff, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:18 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:18 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x2, 0x1100082) memfd_create(&(0x7f0000000000), 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) r1 = dup(0xffffffffffffffff) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) mknod(&(0x7f0000000200)='./file0\x00', 0x800, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r2 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$uinput_user_dev(r2, &(0x7f0000000400)={'syz1\x00', {}, 0xd, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d9e], [0x0, 0x0, 0x0, 0x2a7813c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x67f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xbaa1, 0x0, 0x0, 0x1, 0x9, 0x0, "f8ca781d5f90935c68fa7e6f014904cedb2b372826eac4170f5796e81e086932ef0dd786e718d8343d49d4273cc82ed2b3cf63524fc21d71047600", "92ef27daf4634f9065ecbc04c983483f390c3d7bf9ac5c11d0b60f5d070e9826557914da1500024534b1192353f3f801223d563be035c7fb302fe546973e9c78", "1e3c5b7be4da2a17da000000f6ff000000000000080000001d000000000000c3"}) 00:30:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 189.638296] *** Guest State *** [ 189.652147] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 189.670804] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:30:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 189.701329] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 189.728856] CR3 = 0x00000000fffbc000 00:30:18 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = gettid() r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/vlan/vlan0\x00') sendfile(r0, r2, 0x0, 0x80040006) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) tkill(r1, 0x0) [ 189.755237] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 189.763697] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 189.783054] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 189.791451] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 00:30:18 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) [ 189.823788] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 189.842005] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 189.858327] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 189.867480] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 189.876133] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 189.903096] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 189.912303] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 189.921938] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 189.931082] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 189.945470] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 189.952952] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 189.961638] Interruptibility = 00000000 ActivityState = 00000000 [ 189.968543] *** Host State *** [ 189.971852] RIP = 0xffffffff8116426f RSP = 0xffff88805968f9d0 [ 189.979563] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 189.985980] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000 [ 189.994711] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 190.001529] CR0=0000000080050033 CR3=0000000092109000 CR4=00000000001426e0 [ 190.009259] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 190.016011] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 190.023397] *** Control State *** [ 190.027589] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 190.034333] EntryControls=0000d1ff ExitControls=002fefff [ 190.041426] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 190.049286] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 190.056030] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 190.063834] reason=80000021 qualification=0000000000000000 [ 190.071078] IDTVectoring: info=00000000 errcode=00000000 [ 190.077309] TSC Offset = 0xffffff97448a0066 [ 190.081748] EPT pointer = 0x000000009ead101e [ 190.087345] Virtual processor ID = 0x0001 00:30:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:21 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:21 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) 00:30:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(0xffffffffffffffff, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:21 executing program 4: 00:30:21 executing program 1: 00:30:21 executing program 4: 00:30:21 executing program 1: 00:30:21 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:21 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) 00:30:21 executing program 1: 00:30:21 executing program 4: [ 192.710313] *** Guest State *** [ 192.713802] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 192.728951] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 192.772252] CR3 = 0x00000000fffbc000 [ 192.779456] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 192.785792] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 192.795563] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 192.822977] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 192.837546] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 192.849367] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 192.857723] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 192.865775] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 192.874597] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 192.884024] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 192.892306] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 192.900965] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 192.909373] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 192.918834] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 192.925260] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 192.933076] Interruptibility = 00000000 ActivityState = 00000000 [ 192.939638] *** Host State *** [ 192.942843] RIP = 0xffffffff8116426f RSP = 0xffff88805a9af9d0 [ 192.949375] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 192.955877] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 192.964000] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 192.971272] CR0=0000000080050033 CR3=00000000a913b000 CR4=00000000001426f0 [ 192.979001] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 192.985680] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 192.992020] *** Control State *** [ 192.995482] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 193.005450] EntryControls=0000d1ff ExitControls=002fefff [ 193.014357] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 193.021719] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 193.028832] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 193.035418] reason=80000021 qualification=0000000000000000 [ 193.043237] IDTVectoring: info=00000000 errcode=00000000 [ 193.049757] TSC Offset = 0xffffff959e7e423a [ 193.054353] EPT pointer = 0x00000000927ae01e [ 193.060106] Virtual processor ID = 0x0001 00:30:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:24 executing program 1: 00:30:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup(r1) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:24 executing program 4: 00:30:24 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(0xffffffffffffffff, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:24 executing program 4: 00:30:24 executing program 1: 00:30:24 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup(r1) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:24 executing program 1: 00:30:24 executing program 4: [ 195.782535] *** Guest State *** [ 195.792573] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 195.823054] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 195.833985] CR3 = 0x00000000fffbc000 [ 195.838101] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 195.844859] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 195.856715] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 195.863995] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 195.875913] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 195.884546] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 195.918820] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 195.932010] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 195.940836] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 195.949307] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 195.958533] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 195.966733] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 195.974780] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 195.983596] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 195.994025] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 196.001661] Interruptibility = 00000000 ActivityState = 00000000 [ 196.026707] *** Host State *** [ 196.029953] RIP = 0xffffffff8116426f RSP = 0xffff88805a2879d0 [ 196.040778] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 196.048815] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 196.060974] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 196.071648] CR0=0000000080050033 CR3=00000000a5004000 CR4=00000000001426e0 [ 196.088150] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 196.101486] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 196.107994] *** Control State *** [ 196.111478] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 196.126364] EntryControls=0000d1ff ExitControls=002fefff [ 196.132032] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 196.140151] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 196.147702] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 196.154279] reason=80000021 qualification=0000000000000000 [ 196.160675] IDTVectoring: info=00000000 errcode=00000000 [ 196.166588] TSC Offset = 0xffffff93f9c3e0ef [ 196.170993] EPT pointer = 0x000000009d0b101e [ 196.175393] Virtual processor ID = 0x0001 00:30:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:27 executing program 4: mkdir(0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000480)={0x1, 0x6, 0x2a61, 0x549, 0x44}, 0x40) sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, 0x0, 0x0) 00:30:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) dup3(0xffffffffffffffff, r0, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000540)='./file0/file0\x00', r1, &(0x7f0000000180)='./file0/file0\x00') renameat2(r1, &(0x7f0000000100)='./file0/file0\x00', r1, &(0x7f0000000000)='./file0\x00', 0x4) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f00000002c0), &(0x7f0000000380)=0xc) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000400)=0x14) 00:30:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup(r1) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:27 executing program 4: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') 00:30:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 198.749827] *** Guest State *** [ 198.767331] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:30:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) [ 198.794704] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 198.806621] CR3 = 0x00000000fffbc000 00:30:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, 0x0) 00:30:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) dup3(0xffffffffffffffff, r0, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000540)='./file0/file0\x00', r1, &(0x7f0000000180)='./file0/file0\x00') renameat2(r1, &(0x7f0000000100)='./file0/file0\x00', r1, &(0x7f0000000000)='./file0\x00', 0x4) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f00000002c0), &(0x7f0000000380)=0xc) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000400)=0x14) [ 198.848535] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 198.862280] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 198.869182] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 198.878637] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 00:30:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) [ 198.915266] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 198.935536] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 198.947966] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:27 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 198.989861] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 199.027905] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 199.070063] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 199.096300] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 199.105275] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 199.113530] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 199.121898] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 199.130415] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 199.138448] Interruptibility = 00000000 ActivityState = 00000000 [ 199.144933] *** Host State *** [ 199.148565] RIP = 0xffffffff8116426f RSP = 0xffff88805a4379d0 [ 199.154678] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 199.162593] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 199.170911] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 199.177195] CR0=0000000080050033 CR3=000000008f232000 CR4=00000000001426e0 [ 199.184400] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 199.192487] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 199.198925] *** Control State *** [ 199.202487] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 199.209515] EntryControls=0000d1ff ExitControls=002fefff [ 199.215075] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 199.222365] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 199.229398] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 199.237133] reason=80000021 qualification=0000000000000000 [ 199.244339] IDTVectoring: info=00000000 errcode=00000000 [ 199.251105] TSC Offset = 0xffffff9263466817 [ 199.256623] EPT pointer = 0x000000008b98701e [ 199.261156] Virtual processor ID = 0x0001 00:30:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) dup3(0xffffffffffffffff, r0, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000540)='./file0/file0\x00', r1, &(0x7f0000000180)='./file0/file0\x00') renameat2(r1, &(0x7f0000000100)='./file0/file0\x00', r1, &(0x7f0000000000)='./file0\x00', 0x4) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f00000002c0), &(0x7f0000000380)=0xc) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000400)=0x14) 00:30:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) 00:30:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(0x0, &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:28 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x22101, 0x0) epoll_pwait(r0, &(0x7f0000000180)=[{}, {}, {}, {}], 0x4, 0x80000000, 0x0, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000300)=0x10080) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) [ 199.509617] *** Guest State *** [ 199.513061] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 199.555127] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 199.575295] CR3 = 0x00000000fffbc000 [ 199.589734] RSP = 0x0000000000000000 RIP = 0x0000000000000000 00:30:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(0x0, &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 199.602377] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 199.616539] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 199.635765] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 00:30:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(0x0, &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 199.661743] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 199.682373] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 199.727372] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 199.746813] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 199.762490] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 199.774487] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 199.797047] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 199.812430] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 199.835478] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 199.853304] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 199.870383] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 199.878623] Interruptibility = 00000000 ActivityState = 00000000 00:30:28 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 199.884939] *** Host State *** [ 199.893208] RIP = 0xffffffff8116426f RSP = 0xffff88805ad779d0 [ 199.911783] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 199.920921] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000 [ 199.937168] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 199.953870] CR0=0000000080050033 CR3=0000000084742000 CR4=00000000001426f0 [ 199.962941] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 199.974620] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 199.981017] *** Control State *** [ 199.984571] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 199.995766] EntryControls=0000d1ff ExitControls=002fefff [ 200.001610] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 200.012996] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 200.022765] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 200.033219] reason=80000021 qualification=0000000000000000 [ 200.040472] IDTVectoring: info=00000000 errcode=00000000 [ 200.046099] TSC Offset = 0xffffff91fa26b109 [ 200.050494] EPT pointer = 0x0000000090ea201e [ 200.054917] Virtual processor ID = 0x0001 00:30:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 200.155550] *** Guest State *** [ 200.159114] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 200.168683] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 200.177788] CR3 = 0x00000000fffbc000 [ 200.181674] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 200.188121] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 200.194445] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 200.201356] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 200.209484] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 200.217561] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 200.225635] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 200.233706] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 200.241781] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 200.249827] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 200.257870] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 200.265822] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 200.273850] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 200.284018] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 200.290517] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 200.298065] Interruptibility = 00000000 ActivityState = 00000000 [ 200.304646] *** Host State *** [ 200.307916] RIP = 0xffffffff8116426f RSP = 0xffff88805d8579d0 [ 200.313885] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 200.320336] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 200.328202] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 200.334187] CR0=0000000080050033 CR3=000000009202c000 CR4=00000000001426f0 [ 200.341264] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 200.347989] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 200.354162] *** Control State *** [ 200.357666] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 200.364317] EntryControls=0000d1ff ExitControls=002fefff [ 200.369838] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 200.376829] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 200.383482] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 200.390100] reason=80000021 qualification=0000000000000000 [ 200.396485] IDTVectoring: info=00000000 errcode=00000000 [ 200.401958] TSC Offset = 0xffffff91a19ef55a [ 200.406324] EPT pointer = 0x000000009186901e [ 200.410725] Virtual processor ID = 0x0001 00:30:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:30 executing program 1: open(&(0x7f00000000c0)='./file0\x00', 0x18d042, 0x0) mknod(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x8000000200000402, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r0 = open(&(0x7f0000000600)='./bus\x00', 0x22, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RATTACH(r0, &(0x7f0000000080)={0x14}, 0xfffffff4) 00:30:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', 0x0, 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:30 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 202.390800] audit: type=1800 audit(1593736231.011:12): pid=11426 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=16265 res=0 00:30:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', 0x0, 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:31 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:31 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', 0x0, 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 202.531165] audit: type=1800 audit(1593736231.151:13): pid=11426 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=16265 res=0 00:30:31 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:34 executing program 1: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000100)=0x80000000, 0x4) 00:30:34 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 205.425799] FAT-fs (loop3): bogus number of reserved sectors [ 205.441380] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:34 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 00:30:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 205.563503] FAT-fs (loop3): bogus number of reserved sectors [ 205.576378] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3d) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) 00:30:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:34 executing program 1: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x91}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000400)=ANY=[], 0x19) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="88a5fd3ee85c90b6b29b982e2aae6a97e447c1d133e161ce531715a329d2d8262ae175202eac954c24c6851ed9c153cbcd7215d0fcb5d01f55d4d1d9fb2810d85ab3c41915b700b6fef257ef5f4491f8b2852195988a5efd683cd3a0e8c32bb20172d26a019ef9a1baad0c0eb7f1e3bf16a05b2ae7bee992f50b5356804230043696ee4d16ba1fa536f2758e64914bd25a61b2eafb84f5d06d3c6c8c488d86d11e22cf5153f8b6cb82c0ba91b846f438cc0367b1390e6fcec4643a11b0c828533345c1bbd1c8d1e530621bafe56fa537a27b94f6332c8d6f040031d85f3e8ffacb838daff6a075c84a0741c6b633c326a530ff6835a4c27a27ba6d92e1245742449e"], 0x18) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x808400, 0x0) socketpair(0x4, 0x4, 0x80000001, &(0x7f0000000140)={0xffffffffffffffff}) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x6, 0x5d4, [0x20000a00, 0x0, 0x0, 0x20000b8c, 0x20000cda], 0x0, 0x0, &(0x7f0000001040)=ANY=[]}, 0x78) chdir(&(0x7f00000000c0)='./file0\x00') lstat(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) fallocate(r1, 0x0, 0x0, 0x110001) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x10, r2, 0x0) ftruncate(r2, 0x0) listen(0xffffffffffffffff, 0x0) 00:30:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 205.730750] FAT-fs (loop3): bogus number of reserved sectors [ 205.737025] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:34 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) splice(r0, 0x0, r1, 0x0, 0x10004, 0x0) 00:30:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3d) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) 00:30:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:34 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x26, &(0x7f0000000240)="c4fe910c6786cec96ddb5322addee07bee6333b5cacd891969b71832cb470c94d61f3514dca7"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040), 0x56}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:30:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3d) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) 00:30:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 206.343231] FAT-fs (loop3): bogus number of reserved sectors [ 206.370740] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 206.507555] FAT-fs (loop3): bogus number of reserved sectors [ 206.530130] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:35 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) splice(r0, 0x0, r1, 0x0, 0x10004, 0x0) 00:30:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 207.167760] FAT-fs (loop3): bogus number of reserved sectors [ 207.184097] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:37 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r2 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) shmctl$IPC_RMID(r2, 0x0) 00:30:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:37 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) splice(r0, 0x0, r1, 0x0, 0x10004, 0x0) [ 209.343947] FAT-fs (loop3): bogus number of reserved sectors 00:30:38 executing program 1: 00:30:38 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 209.384471] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:38 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 209.461802] ptrace attach of "/root/syz-executor.0"[11781] was attempted by "/root/syz-executor.0"[11783] 00:30:38 executing program 1: [ 209.518287] ptrace attach of "/root/syz-executor.0"[11791] was attempted by "/root/syz-executor.0"[11792] 00:30:38 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:38 executing program 1: [ 209.563539] FAT-fs (loop3): bogus number of reserved sectors [ 209.580656] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:38 executing program 1: [ 209.641490] ptrace attach of "/root/syz-executor.0"[11818] was attempted by "/root/syz-executor.0"[11821] 00:30:38 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:38 executing program 1: 00:30:38 executing program 1: 00:30:38 executing program 1: 00:30:38 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 210.264885] FAT-fs (loop3): bogus number of reserved sectors [ 210.292092] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:38 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000340)="fc0000004800070100008000090007000a0180fe000000000000e293210001c000000000000000000000000000000001fa2c1ec28656aaa79bb94b46fe000000bc00020000036c6c256f1a272fdf0d11512fd606000000000000008934d07302ade01720d7d5bbc91a3e2e80772c05defd5a322038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf8c407e5c8d81702cf255b5d9896a06190215b2ccd243f24fed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fe8df696b4b90194ab8d38a873c", 0xfc) 00:30:39 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{0x0}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:39 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:39 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x86a01780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@struct]}, {0x0, [0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x2a}, 0x20) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:30:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:39 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 211.117754] FAT-fs (loop3): bogus number of reserved sectors [ 211.139783] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{0x0}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 211.195693] *** Guest State *** [ 211.212609] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:30:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 211.249502] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 211.277322] CR3 = 0x00000000fffbc000 [ 211.282519] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 211.288618] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 211.294584] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 211.301463] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 211.317401] FAT-fs (loop3): bogus number of reserved sectors [ 211.323321] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 211.333622] FAT-fs (loop3): Can't find a valid FAT filesystem [ 211.349125] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 211.360940] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 211.385340] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 211.399221] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 211.408878] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 211.427781] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 211.437037] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 211.445033] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 211.454419] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 211.461507] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 211.469581] Interruptibility = 00000000 ActivityState = 00000000 [ 211.476523] *** Host State *** [ 211.479738] RIP = 0xffffffff8116426f RSP = 0xffff888058b3f9d0 [ 211.487906] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 211.494348] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 211.503093] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 211.509501] CR0=0000000080050033 CR3=0000000090eae000 CR4=00000000001426e0 [ 211.517147] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 211.523933] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 211.536467] *** Control State *** [ 211.539969] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 211.550081] EntryControls=0000d1ff ExitControls=002fefff [ 211.566183] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 211.573125] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 211.584125] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 211.591666] reason=80000021 qualification=0000000000000000 [ 211.598675] IDTVectoring: info=00000000 errcode=00000000 [ 211.604188] TSC Offset = 0xffffff8bb8363b43 [ 211.609128] TPR Threshold = 0x00 [ 211.612484] EPT pointer = 0x000000008cb5901e [ 211.618331] Virtual processor ID = 0x0001 00:30:40 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{0x0}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 212.026068] FAT-fs (loop3): bogus number of reserved sectors [ 212.035220] *** Guest State *** [ 212.044892] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 212.051818] FAT-fs (loop3): Can't find a valid FAT filesystem [ 212.055389] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 212.075985] CR3 = 0x00000000fffbc000 [ 212.079861] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 212.091862] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 212.100134] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 212.108304] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 212.117142] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 212.133093] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 212.144850] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 212.163592] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 212.172118] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 212.180322] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 212.188933] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 212.197324] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 212.205380] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 212.213444] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 212.219970] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 212.227658] Interruptibility = 00000000 ActivityState = 00000000 [ 212.234155] *** Host State *** [ 212.237411] RIP = 0xffffffff8116426f RSP = 0xffff88805a2679d0 [ 212.243379] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 212.249862] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000 [ 212.257838] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 212.263717] CR0=0000000080050033 CR3=0000000082ccb000 CR4=00000000001426e0 [ 212.270797] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 212.277766] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 212.283816] *** Control State *** [ 212.287325] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 212.293997] EntryControls=0000d1ff ExitControls=002fefff [ 212.299500] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 212.306540] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 212.313193] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 212.319837] reason=80000021 qualification=0000000000000000 [ 212.326267] IDTVectoring: info=00000000 errcode=00000000 [ 212.331742] TSC Offset = 0xffffff8b44f802e6 [ 212.336131] TPR Threshold = 0x00 [ 212.339510] EPT pointer = 0x00000000832a001e [ 212.343939] Virtual processor ID = 0x0001 00:30:42 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000193c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc0, 0xc0, 0x3, [@int, @union={0x0, 0x8, 0x0, 0x5, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}]}, @enum={0x0, 0x7, 0x0, 0x6, 0x4, [{}, {}, {}, {}, {}, {}, {}]}]}, {0x0, [0x0]}}, 0x0, 0xdb}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102392, 0x18ff8}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:30:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:42 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:42 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) dup2(r5, r5) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 214.144274] FAT-fs (loop3): bogus number of reserved sectors [ 214.174144] FAT-fs (loop3): Can't find a valid FAT filesystem [ 214.188760] *** Guest State *** 00:30:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 214.196146] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 214.211383] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 214.231304] CR3 = 0x00000000fffbc000 [ 214.235181] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 214.242400] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 214.253653] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 214.267244] FAT-fs (loop3): bogus number of reserved sectors [ 214.273194] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 214.283414] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 214.289979] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 214.299117] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 214.307758] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 214.333491] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 214.343901] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 214.354144] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 214.367869] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 214.376902] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 214.386323] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 00:30:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 214.401181] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 214.419359] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 214.440125] Interruptibility = 00000000 ActivityState = 00000000 [ 214.447086] FAT-fs (loop3): bogus number of reserved sectors [ 214.449997] *** Host State *** [ 214.459285] FAT-fs (loop3): Can't find a valid FAT filesystem [ 214.463141] RIP = 0xffffffff8116426f RSP = 0xffff88805bddf9d0 [ 214.473165] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 214.494008] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 214.520547] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 214.526840] CR0=0000000080050033 CR3=000000009e9c8000 CR4=00000000001426e0 [ 214.543061] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 214.557757] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 214.564009] *** Control State *** [ 214.569182] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 214.576737] EntryControls=0000d1ff ExitControls=002fefff [ 214.582591] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 214.591657] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 214.599369] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 214.606867] reason=80000021 qualification=0000000000000000 [ 214.613298] IDTVectoring: info=00000000 errcode=00000000 [ 214.619609] TSC Offset = 0xffffff8a1e17edce [ 214.623958] TPR Threshold = 0x00 [ 214.628650] EPT pointer = 0x0000000093de001e [ 214.633576] Virtual processor ID = 0x0001 00:30:45 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000600)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000001000000000000e000000040000009002000000000000c800000060010000c8000000c8000000e8010000f8010000f8010000f8010000f801000504000000118000000000ffff00000000000075e500f4ffffff00000000000000000000000000000000003e7ef2a0a2080000ff00000000000000000000002000002700000000000000fd3542290000000000000000000000000000fff700000000440000a000c80000008000000000fdff000000000000000000000030006164647274797065000000000000d25900000000000000000000000000000000000001000f6c0000000000000000280052454a4543540000800000000000020000000000000000000000000000000000000068a30000e09ebca7f181683a9c00040004000000677265300000000700000000000000000000fffffffffffffff70093af4afb000000000000000000000100000f00000000000000000000ef0030b8942a9082d4cf0000001d00000070009800cf00000000000000000067c2137b650096ae0000280052454a454354000000080000000000000000000000000000000000000000712a00800000000000000000000000000000020000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000002000000008100000000000000000000000000000000000000b93f007000980000000000000000000000000002000000800000002800534554000000000000000000000000000000000000000000000000000001000004000000050f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000002000000000000000000000097a3eb8d13ab5daa0000000000000000feffffff"], 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='bridge0\x00', 0x10) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmmsg(r2, &(0x7f0000007fc0), 0x400000000000030, 0x0) 00:30:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:45 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) dup2(r5, r5) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:45 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="040000090000000066617400", 0xc}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 217.162329] FAT-fs (loop3): bogus number of reserved sectors [ 217.167602] Cannot find add_set index 0 as target [ 217.172532] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="040000090000000066617400", 0xc}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 217.214200] *** Guest State *** [ 217.230729] Cannot find add_set index 0 as target [ 217.249387] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:30:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 217.281926] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 217.308408] FAT-fs (loop3): bogus number of reserved sectors 00:30:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, 0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 217.322015] CR3 = 0x00000000fffbc000 [ 217.328938] FAT-fs (loop3): Can't find a valid FAT filesystem [ 217.353780] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 217.370986] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 00:30:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="040000090000000066617400", 0xc}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 217.377787] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 217.384480] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 217.429654] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 217.467148] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, 0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 217.483053] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 217.491292] FAT-fs (loop3): bogus number of reserved sectors [ 217.504200] FAT-fs (loop3): Can't find a valid FAT filesystem [ 217.515151] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 217.523173] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 217.561120] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 217.579450] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 217.597526] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 217.609940] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 217.642075] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 217.653785] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 217.672478] Interruptibility = 00000000 ActivityState = 00000000 [ 217.681825] *** Host State *** [ 217.702458] RIP = 0xffffffff8116426f RSP = 0xffff888090e0f9d0 [ 217.719559] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 217.727189] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 217.739085] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 217.745287] CR0=0000000080050033 CR3=0000000090c40000 CR4=00000000001426f0 [ 217.752319] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 217.763543] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 217.770080] *** Control State *** [ 217.773706] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 217.781417] EntryControls=0000d1ff ExitControls=002fefff [ 217.787826] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 217.795438] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 217.802198] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 217.809055] reason=80000021 qualification=0000000000000000 [ 217.815445] IDTVectoring: info=00000000 errcode=00000000 [ 217.820886] TSC Offset = 0xffffff887f1005d5 [ 217.825290] TPR Threshold = 0x00 [ 217.828663] EPT pointer = 0x000000009b67101e [ 217.833062] Virtual processor ID = 0x0001 00:30:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 217.928970] *** Guest State *** [ 217.932386] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 217.941505] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 217.951312] CR3 = 0x00000000fffbc000 [ 217.955232] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 217.961268] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 217.968397] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 217.975247] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 217.983359] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 217.992004] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 218.000238] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 218.008375] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 218.016433] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:46 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) dup2(r5, r5) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200", 0x12}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 218.024410] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 218.032603] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 218.044668] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 218.052783] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 218.065487] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 218.073997] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 218.082373] Interruptibility = 00000000 ActivityState = 00000000 [ 218.089239] FAT-fs (loop3): invalid media value (0x00) [ 218.089255] *** Host State *** [ 218.098729] RIP = 0xffffffff8116426f RSP = 0xffff88805c7b79d0 [ 218.102499] FAT-fs (loop3): Can't find a valid FAT filesystem [ 218.106248] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 218.118601] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 218.128977] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 218.135749] CR0=0000000080050033 CR3=000000008ed8c000 CR4=00000000001426f0 [ 218.142878] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 218.150590] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 218.157757] *** Control State *** [ 218.161226] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 218.168849] EntryControls=0000d1ff ExitControls=002fefff [ 218.174309] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 218.181878] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 218.189190] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 218.197146] reason=80000021 qualification=0000000000000000 [ 218.203613] IDTVectoring: info=00000000 errcode=00000000 [ 218.214224] TSC Offset = 0xffffff881d20843e [ 218.219095] TPR Threshold = 0x00 [ 218.222565] EPT pointer = 0x000000008cca001e [ 218.227770] Virtual processor ID = 0x0001 00:30:48 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, 0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup(r1) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200", 0x12}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:48 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 220.162750] FAT-fs (loop3): invalid media value (0x00) [ 220.175619] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200", 0x12}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 220.215525] *** Guest State *** [ 220.226876] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:30:48 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) dup2(r5, r5) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 220.261501] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 220.284418] FAT-fs (loop3): invalid media value (0x00) [ 220.290020] FAT-fs (loop3): Can't find a valid FAT filesystem [ 220.309859] CR3 = 0x00000000fffbc000 [ 220.321150] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 220.335593] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 220.349552] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 00:30:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400", 0x15}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 220.364748] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 220.377392] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 220.412762] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 220.421219] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 220.430134] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 220.440075] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 220.459854] FAT-fs (loop3): invalid media value (0x00) [ 220.461109] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 220.472322] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 220.507076] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 220.533652] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 220.541989] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 220.550408] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 220.569863] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 220.583493] Interruptibility = 00000000 ActivityState = 00000000 [ 220.590474] *** Host State *** [ 220.606693] RIP = 0xffffffff8116426f RSP = 0xffff88805e20f9d0 [ 220.614898] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 220.632143] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 220.650431] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 220.660070] CR0=0000000080050033 CR3=00000000923c9000 CR4=00000000001426e0 [ 220.671413] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 220.678535] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 220.684934] *** Control State *** [ 220.688490] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 220.695801] EntryControls=0000d1ff ExitControls=002fefff [ 220.701278] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 220.709706] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 220.721388] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 220.728553] reason=80000021 qualification=0000000000000000 [ 220.735419] IDTVectoring: info=00000000 errcode=00000000 [ 220.740919] TSC Offset = 0xffffff86e4071020 [ 220.746243] TPR Threshold = 0x00 [ 220.749614] EPT pointer = 0x000000009fa9201e [ 220.754049] Virtual processor ID = 0x0001 00:30:51 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:51 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400", 0x15}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(0xffffffffffffffff, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:51 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:51 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 223.214966] FAT-fs (loop3): invalid media value (0x00) 00:30:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(0xffffffffffffffff, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 223.246302] FAT-fs (loop3): Can't find a valid FAT filesystem [ 223.285297] *** Guest State *** 00:30:51 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:30:51 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400", 0x15}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 223.289771] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 223.303330] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 223.344379] CR3 = 0x00000000fffbc000 [ 223.348315] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 223.357816] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 00:30:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(0xffffffffffffffff, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:52 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 223.387011] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 223.407378] FAT-fs (loop3): invalid media value (0x00) [ 223.409866] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 223.421601] FAT-fs (loop3): Can't find a valid FAT filesystem [ 223.425597] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 223.453525] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 223.471739] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 223.487878] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f8", 0x16}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 223.500839] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 223.539506] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 223.557840] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 223.558047] FAT-fs (loop3): count of clusters too big (4294966678) [ 223.570684] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 223.582569] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 223.587453] FAT-fs (loop3): Can't find a valid FAT filesystem [ 223.596257] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 223.603125] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 223.616474] Interruptibility = 00000000 ActivityState = 00000000 [ 223.628273] *** Host State *** [ 223.631670] RIP = 0xffffffff8116426f RSP = 0xffff88805a3bf9d0 [ 223.642866] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 223.649847] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 223.660831] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 223.668457] CR0=0000000080050033 CR3=000000008aec6000 CR4=00000000001426f0 [ 223.678508] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 223.690629] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 223.699859] *** Control State *** [ 223.703469] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 223.712107] EntryControls=0000d1ff ExitControls=002fefff [ 223.727307] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 223.745774] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 223.762528] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 223.776984] reason=80000021 qualification=0000000000000000 [ 223.787201] IDTVectoring: info=00000000 errcode=00000000 [ 223.796620] TSC Offset = 0xffffff853ef8fd3f [ 223.804684] TPR Threshold = 0x00 [ 223.811625] EPT pointer = 0x000000008f03d01e [ 223.820221] Virtual processor ID = 0x0001 00:30:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:54 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:30:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f8", 0x16}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) 00:30:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:54 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 226.232489] FAT-fs (loop3): count of clusters too big (4294966678) [ 226.271911] FAT-fs (loop3): Can't find a valid FAT filesystem 00:30:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:30:54 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:30:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f8", 0x16}], 0x0, &(0x7f0000000100)={[{@fat=@showexec='showexec'}]}) [ 226.349420] *** Guest State *** [ 226.357379] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 226.380390] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 00:30:55 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 226.404067] CR3 = 0x00000000fffbc000 [ 226.408367] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 226.438089] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 00:30:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 226.451961] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 226.452117] FAT-fs (loop3): count of clusters too big (4294966678) [ 226.467904] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 00:30:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, 0x0) [ 226.502827] FAT-fs (loop3): Can't find a valid FAT filesystem [ 226.512025] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 226.568641] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 226.580525] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 226.591968] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 226.639200] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 226.654870] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 226.664757] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 226.674696] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 226.682959] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 226.692435] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 226.699891] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 226.708604] Interruptibility = 00000000 ActivityState = 00000000 [ 226.715789] *** Host State *** [ 226.719208] RIP = 0xffffffff8116426f RSP = 0xffff88805fe279d0 [ 226.726599] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 226.733885] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 226.741907] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 226.750505] CR0=0000000080050033 CR3=000000008b31f000 CR4=00000000001426e0 [ 226.758658] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 226.767975] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 226.774830] *** Control State *** [ 226.778432] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 226.787222] EntryControls=0000d1ff ExitControls=002fefff [ 226.792804] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 226.801295] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 226.808771] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 226.816253] reason=80000021 qualification=0000000000000000 [ 226.822691] IDTVectoring: info=00000000 errcode=00000000 [ 226.828851] TSC Offset = 0xffffff839ad191ef [ 226.833726] TPR Threshold = 0x00 [ 226.837102] EPT pointer = 0x0000000095e5101e [ 226.841507] Virtual processor ID = 0x0001 00:30:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:30:57 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:30:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, 0x0) 00:30:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:30:57 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:30:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, 0x0) 00:30:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:30:58 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) [ 229.380408] *** Guest State *** [ 229.384042] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 229.400499] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 229.414079] CR3 = 0x00000000fffbc000 00:30:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 229.435186] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 229.467325] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 229.474319] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 00:30:58 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) [ 229.481477] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 229.492880] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 229.501405] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 229.510879] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 229.520652] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:30:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)) [ 229.537573] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 229.546926] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 229.556721] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 229.566716] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 229.580842] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 229.610879] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 229.618282] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 229.670499] Interruptibility = 00000000 ActivityState = 00000000 [ 229.683213] *** Host State *** [ 229.686964] RIP = 0xffffffff8116426f RSP = 0xffff88805ffe79d0 [ 229.694776] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 229.715890] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000 [ 229.728281] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 229.739375] CR0=0000000080050033 CR3=00000000a9d99000 CR4=00000000001426f0 [ 229.747314] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 229.754350] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 229.760606] *** Control State *** [ 229.765177] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 229.773562] EntryControls=0000d1ff ExitControls=002fefff [ 229.779015] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 229.787611] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 229.795251] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 229.803774] reason=80000021 qualification=0000000000000000 [ 229.810358] IDTVectoring: info=00000000 errcode=00000000 [ 229.818800] TSC Offset = 0xffffff81fb325e35 [ 229.824481] TPR Threshold = 0x00 [ 229.828578] EPT pointer = 0x00000000a8af001e [ 229.839945] Virtual processor ID = 0x0001 [ 230.194199] NOHZ: local_softirq_pending 08 00:31:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, 0x0) 00:31:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:00 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:31:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)) 00:31:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:00 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000100)) 00:31:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, 0x0) [ 232.369404] *** Guest State *** [ 232.379950] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 00:31:01 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = eventfd(0x0) r4 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) [ 232.444982] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 232.466866] CR3 = 0x00000000fffbc000 [ 232.476374] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 232.483213] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 00:31:01 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = eventfd(0x0) r4 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) [ 232.490142] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 232.499735] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 232.515869] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:31:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, 0x0) [ 232.556407] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 232.579604] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:31:01 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = eventfd(0x0) r4 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:01 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 232.605571] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 232.625923] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 232.640725] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 232.665205] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 232.679729] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 232.715521] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 232.724424] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 232.730945] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 232.742222] Interruptibility = 00000000 ActivityState = 00000000 [ 232.749748] *** Host State *** [ 232.753953] RIP = 0xffffffff8116426f RSP = 0xffff88805597f9d0 [ 232.760293] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 232.768289] FSBase=00007fa21b8f8700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 232.777196] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 232.784085] CR0=0000000080050033 CR3=000000008e366000 CR4=00000000001426f0 [ 232.791479] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 232.799617] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 232.806657] *** Control State *** [ 232.810477] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 232.818329] EntryControls=0000d1ff ExitControls=002fefff [ 232.824934] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 232.832220] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 232.840415] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 232.848176] reason=80000021 qualification=0000000000000000 [ 232.855369] IDTVectoring: info=00000000 errcode=00000000 [ 232.860952] TSC Offset = 0xffffff80623ddb3e [ 232.866433] TPR Threshold = 0x00 [ 232.870272] EPT pointer = 0x00000000a4db701e [ 232.876197] Virtual processor ID = 0x0001 00:31:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x3}) 00:31:03 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:03 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:03 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x3}) 00:31:04 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 235.425492] *** Guest State *** [ 235.430498] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 235.452731] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 00:31:04 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x0, r0}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 235.479236] CR3 = 0x00000000fffbc000 [ 235.483248] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 235.489434] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 [ 235.496906] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 235.504301] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 00:31:04 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 235.534303] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 235.547081] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:31:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x3}) [ 235.575777] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 235.598625] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 235.611666] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 00:31:04 executing program 1: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) [ 235.654726] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 235.677422] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 235.685694] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 235.694841] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 235.707534] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 235.716799] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 235.725095] Interruptibility = 00000000 ActivityState = 00000000 [ 235.739229] *** Host State *** [ 235.757623] RIP = 0xffffffff8116426f RSP = 0xffff88809779f9d0 [ 235.765227] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 235.777233] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 235.786355] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 235.794278] CR0=0000000080050033 CR3=000000008ccc0000 CR4=00000000001426e0 [ 235.801648] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 235.809487] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 235.816262] *** Control State *** [ 235.819922] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 235.827544] EntryControls=0000d1ff ExitControls=002fefff [ 235.833778] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 235.846449] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 235.856197] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 235.865165] reason=80000021 qualification=0000000000000000 [ 235.872770] IDTVectoring: info=00000000 errcode=00000000 [ 235.878331] TSC Offset = 0xffffff7ebec49608 [ 235.884546] TPR Threshold = 0x00 [ 235.888187] EPT pointer = 0x000000008e36601e [ 235.893537] Virtual processor ID = 0x0001 00:31:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6}) 00:31:07 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:07 executing program 1: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:07 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:07 executing program 1: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6}) 00:31:07 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 238.464628] *** Guest State *** [ 238.469020] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 238.495160] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 00:31:07 executing program 1: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:07 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 238.549662] CR3 = 0x00000000fffbc000 [ 238.559687] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 238.580566] RFLAGS=0x00073ec7 DR7 = 0x0000000000000400 00:31:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6}) [ 238.620350] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 238.650555] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 238.669183] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.680674] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.699253] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.739856] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.754141] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.763539] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 238.772561] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 238.780752] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 238.789213] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 238.797882] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 238.804748] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 238.812810] Interruptibility = 00000000 ActivityState = 00000000 [ 238.819447] *** Host State *** [ 238.823061] RIP = 0xffffffff8116426f RSP = 0xffff8880562ff9d0 [ 238.829417] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 238.836810] FSBase=00007fa21b8f8700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000 [ 238.850512] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 238.860402] CR0=0000000080050033 CR3=00000000a8d57000 CR4=00000000001426e0 [ 238.869517] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0 [ 238.886657] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 238.892986] *** Control State *** [ 238.896601] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 238.908108] EntryControls=0000d1ff ExitControls=002fefff [ 238.915963] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 238.927958] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 238.935229] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 238.946613] reason=80000021 qualification=0000000000000000 [ 238.954668] IDTVectoring: info=00000000 errcode=00000000 [ 238.960311] TSC Offset = 0xffffff7d1dd7dd7e [ 238.970532] TPR Threshold = 0x00 [ 238.974084] EPT pointer = 0x00000000a7e6401e [ 238.978576] Virtual processor ID = 0x0001 00:31:10 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:10 executing program 1: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:10 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:31:10 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:10 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:31:10 executing program 1: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:10 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000580)={'syz'}, &(0x7f0000000280)="eb", 0x1, 0xffffffffffffffff) keyctl$revoke(0x3, 0x0) request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000540)='y\x7fl2\x87eth1\x00', 0x0) 00:31:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:31:10 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:31:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:31:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:31:10 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:31:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:10 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:13 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = eventfd(0x0) r4 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:13 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:31:13 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:13 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000091fa8)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NLBL_CALIPSO_C_ADD(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0xc050) accept4(r1, 0x0, 0x0, 0x0) 00:31:13 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = eventfd(0x0) r4 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:13 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:13 executing program 2 (fault-call:10 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:13 executing program 5 (fault-call:10 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:13 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = eventfd(0x0) r4 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) get_thread_area(&(0x7f0000000040)={0x43ac, 0x20000800, 0x400, 0x0, 0x2, 0x0, 0x0, 0x1}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r3, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 244.741632] FAULT_INJECTION: forcing a failure. [ 244.741632] name failslab, interval 1, probability 0, space 0, times 1 [ 244.779301] CPU: 1 PID: 13147 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 244.787222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.796647] Call Trace: [ 244.799346] dump_stack+0x1b2/0x283 [ 244.803137] should_fail.cold+0x10a/0x154 [ 244.807359] should_failslab+0xd6/0x130 [ 244.811335] kmem_cache_alloc+0x28e/0x3c0 [ 244.815491] mmu_topup_memory_caches+0x83/0x300 [ 244.820169] ? kvm_vcpu_kick+0xef/0x1f0 [ 244.824148] kvm_mmu_load+0x1e/0xc90 [ 244.827952] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 244.834371] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 244.839308] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 244.844315] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 244.849791] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 244.854713] ? lock_acquire+0x170/0x3f0 [ 244.858693] ? lock_downgrade+0x6e0/0x6e0 [ 244.862850] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 244.867000] kvm_vcpu_ioctl+0x3df/0xc70 [ 244.870981] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 244.876960] ? trace_hardirqs_on+0x10/0x10 [ 244.881236] ? __fdget_pos+0xa6/0xc0 [ 244.885026] ? fsnotify+0x897/0x1110 [ 244.888840] ? __vfs_write+0xec/0x630 [ 244.892729] ? proc_tid_io_accounting+0x20/0x20 [ 244.897407] ? SyS_write+0x1b7/0x210 [ 244.901129] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 244.907114] do_vfs_ioctl+0x75a/0xfe0 [ 244.910970] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 244.916762] ? ioctl_preallocate+0x1a0/0x1a0 [ 244.921207] ? security_file_ioctl+0x76/0xb0 [ 244.925597] ? security_file_ioctl+0x83/0xb0 [ 244.929984] SyS_ioctl+0x7f/0xb0 [ 244.933335] ? do_vfs_ioctl+0xfe0/0xfe0 [ 244.937298] do_syscall_64+0x1d5/0x640 [ 244.941180] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 244.946477] RIP: 0033:0x45cb29 [ 244.949647] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 244.957343] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 244.964599] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 244.971856] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 244.980063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 244.987325] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:16 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:16 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)=""/57, 0x39}], 0x1, 0x0) r1 = gettid() process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)=""/247, 0xffffff50}], 0x1000000000000005, &(0x7f0000000180)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) r4 = inotify_init() kcmp$KCMP_EPOLL_TFD(0x0, r1, 0x7, r0, &(0x7f0000000040)={r3, r4, 0xa6}) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd(0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r3, 0xaf5b, 0xa88}) r11 = dup3(r9, r7, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r10, 0x0, 0x3}) 00:31:16 executing program 2 (fault-call:10 fault-nth:1): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:16 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:16 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:16 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 247.606843] FAULT_INJECTION: forcing a failure. [ 247.606843] name failslab, interval 1, probability 0, space 0, times 0 [ 247.640368] CPU: 1 PID: 13204 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 247.648915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.658697] Call Trace: [ 247.661318] dump_stack+0x1b2/0x283 [ 247.665058] should_fail.cold+0x10a/0x154 [ 247.669455] should_failslab+0xd6/0x130 [ 247.674065] kmem_cache_alloc+0x28e/0x3c0 [ 247.678362] mmu_topup_memory_caches+0x83/0x300 [ 247.683133] ? kvm_vcpu_kick+0xef/0x1f0 [ 247.687215] kvm_mmu_load+0x1e/0xc90 [ 247.690981] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 247.696444] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 247.701916] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 247.707338] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 247.712903] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 247.717760] ? lock_acquire+0x170/0x3f0 [ 247.721846] ? lock_downgrade+0x6e0/0x6e0 [ 247.726100] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 247.730268] kvm_vcpu_ioctl+0x3df/0xc70 [ 247.734455] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 247.740439] ? trace_hardirqs_on+0x10/0x10 [ 247.744682] ? __fdget_pos+0xa6/0xc0 [ 247.748416] ? fsnotify+0x897/0x1110 [ 247.752135] ? __vfs_write+0xec/0x630 [ 247.755950] ? proc_tid_io_accounting+0x20/0x20 [ 247.760721] ? SyS_write+0x1b7/0x210 [ 247.765061] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 247.770957] do_vfs_ioctl+0x75a/0xfe0 [ 247.774944] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 247.780745] ? ioctl_preallocate+0x1a0/0x1a0 [ 247.785141] ? security_file_ioctl+0x76/0xb0 [ 247.789721] ? security_file_ioctl+0x83/0xb0 [ 247.794283] SyS_ioctl+0x7f/0xb0 [ 247.797632] ? do_vfs_ioctl+0xfe0/0xfe0 [ 247.801601] do_syscall_64+0x1d5/0x640 [ 247.805595] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 247.810779] RIP: 0033:0x45cb29 [ 247.813957] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.821817] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 247.829210] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 247.836557] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 247.844082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 00:31:16 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 247.851338] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f00000001c0), 0x4) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x30, r7, 0x1254a000) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6, 0x7f, 0xfffffffd}) r8 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:16 executing program 3: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:16 executing program 1: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)='fS\a\x00', 0x4}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:19 executing program 2 (fault-call:10 fault-nth:2): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:19 executing program 3: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:19 executing program 1: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = accept$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @empty}, &(0x7f00000000c0)=0x10) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000340)={r6, @in6={{0xa, 0xe20, 0x0, @mcast1}}, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x1}, 0x9c) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000240)=""/80) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000100)={r6, @in6={{0xa, 0x4e21, 0x7fff, @local, 0x3}}}, 0x84) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9}) r10 = dup3(r8, r3, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x3}) 00:31:19 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:19 executing program 1: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:19 executing program 3: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) r4 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) [ 250.679180] FAULT_INJECTION: forcing a failure. [ 250.679180] name failslab, interval 1, probability 0, space 0, times 0 [ 250.708610] CPU: 0 PID: 13297 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 250.716535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 250.726499] Call Trace: 00:31:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x4) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) ioctl$KVM_SMI(r2, 0xaeb7) syz_init_net_socket$ax25(0x3, 0x3, 0xcf) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x84800) ioctl$SG_EMULATED_HOST(r4, 0x2203, &(0x7f0000000100)) r5 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x20000, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9}) r10 = dup3(r8, r6, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x103100, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x3}) [ 250.729446] dump_stack+0x1b2/0x283 [ 250.733087] should_fail.cold+0x10a/0x154 [ 250.737255] should_failslab+0xd6/0x130 [ 250.741673] kmem_cache_alloc+0x28e/0x3c0 [ 250.746529] mmu_topup_memory_caches+0x83/0x300 [ 250.751385] ? kvm_vcpu_kick+0xef/0x1f0 [ 250.755378] kvm_mmu_load+0x1e/0xc90 [ 250.759182] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 250.764633] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 250.769573] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 250.774535] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 250.779732] ? lock_acquire+0x170/0x3f0 [ 250.783745] ? lock_downgrade+0x6e0/0x6e0 [ 250.787991] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 250.792154] kvm_vcpu_ioctl+0x3df/0xc70 [ 250.796148] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 250.802050] ? trace_hardirqs_on+0x10/0x10 [ 250.806290] ? __fdget_pos+0xa6/0xc0 [ 250.810011] ? fsnotify+0x897/0x1110 [ 250.813748] ? __vfs_write+0xec/0x630 [ 250.817553] ? proc_tid_io_accounting+0x20/0x20 [ 250.822225] ? SyS_write+0x1b7/0x210 [ 250.825950] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 250.831840] do_vfs_ioctl+0x75a/0xfe0 [ 250.835650] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 250.841393] ? ioctl_preallocate+0x1a0/0x1a0 [ 250.845860] ? security_file_ioctl+0x76/0xb0 [ 250.850719] ? security_file_ioctl+0x83/0xb0 [ 250.855226] SyS_ioctl+0x7f/0xb0 [ 250.858589] ? do_vfs_ioctl+0xfe0/0xfe0 [ 250.862562] do_syscall_64+0x1d5/0x640 [ 250.866448] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 250.871879] RIP: 0033:0x45cb29 [ 250.875052] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 250.882905] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 250.890183] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 250.898248] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 250.906047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 250.913321] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:19 executing program 3: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:19 executing program 2 (fault-call:10 fault-nth:3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:19 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 251.121323] FAULT_INJECTION: forcing a failure. [ 251.121323] name failslab, interval 1, probability 0, space 0, times 0 [ 251.150767] CPU: 0 PID: 13374 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 251.158707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.168067] Call Trace: [ 251.170667] dump_stack+0x1b2/0x283 [ 251.174305] should_fail.cold+0x10a/0x154 [ 251.178461] should_failslab+0xd6/0x130 [ 251.182439] kmem_cache_alloc+0x28e/0x3c0 [ 251.186593] mmu_topup_memory_caches+0x83/0x300 [ 251.191268] ? kvm_vcpu_kick+0xef/0x1f0 [ 251.195247] kvm_mmu_load+0x1e/0xc90 [ 251.198970] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 251.204426] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 251.209374] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 251.214311] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 251.219774] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 251.224628] ? lock_acquire+0x170/0x3f0 [ 251.228608] ? lock_downgrade+0x6e0/0x6e0 [ 251.232768] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 251.236922] kvm_vcpu_ioctl+0x3df/0xc70 [ 251.241344] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 251.247238] ? trace_hardirqs_on+0x10/0x10 [ 251.251483] ? __fdget_pos+0xa6/0xc0 [ 251.255205] ? fsnotify+0x897/0x1110 [ 251.258922] ? __vfs_write+0xec/0x630 [ 251.263176] ? proc_tid_io_accounting+0x20/0x20 [ 251.267849] ? SyS_write+0x1b7/0x210 [ 251.271747] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 251.278101] do_vfs_ioctl+0x75a/0xfe0 [ 251.282833] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 251.290065] ? ioctl_preallocate+0x1a0/0x1a0 [ 251.294739] ? security_file_ioctl+0x76/0xb0 [ 251.299919] ? security_file_ioctl+0x83/0xb0 [ 251.304331] SyS_ioctl+0x7f/0xb0 [ 251.307684] ? do_vfs_ioctl+0xfe0/0xfe0 [ 251.311466] NOHZ: local_softirq_pending 08 [ 251.311648] do_syscall_64+0x1d5/0x640 [ 251.320634] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 251.325821] RIP: 0033:0x45cb29 [ 251.329102] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.337996] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 251.347329] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 251.354898] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 251.363504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 251.370772] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)='fS\a\x00', 0x4}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x40000400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000240)={{0xa, 0x5, 0x10000, 0x45a, 'syz1\x00', 0x9}, 0x1, [0x7, 0x1000, 0x1000, 0xffffffffffff599b, 0x4, 0x9, 0x1ff, 0x4, 0x5, 0x8, 0x2, 0x62, 0x5, 0x100000001, 0x100, 0x100, 0x7, 0x74b, 0x7, 0x101, 0x3, 0x7fffffff, 0xffff, 0x2, 0xc5, 0x9bf, 0x3, 0x2, 0x5, 0xa2, 0x671, 0x1, 0x8, 0x1, 0x1, 0x9, 0xd0, 0x18, 0x1ff, 0x7, 0xa9c1, 0x1, 0x7a761294, 0x7, 0x4, 0x9, 0x1, 0x8000, 0x3, 0x8, 0x2, 0x0, 0x1ff, 0x9, 0x10000, 0x101, 0x49f, 0x9, 0x81, 0x9, 0x9a, 0x7, 0x5, 0x8000, 0x2, 0x2770, 0x5, 0x6, 0x3e, 0x3, 0x7, 0x3, 0xfff, 0x40, 0x1, 0xdd72, 0x0, 0x7, 0x4, 0xffffffff, 0xc64fde5, 0x0, 0x7, 0x1, 0xffffffff80000000, 0x1f, 0x1000, 0x6, 0x5, 0x3f, 0x4, 0x1, 0x0, 0x1, 0xbb0, 0x7, 0x9, 0x8, 0x8001, 0x100, 0x7f, 0x1f, 0x3f, 0x40, 0x1, 0x3, 0x8000, 0x3f, 0x7, 0x7, 0x37, 0x2, 0x401, 0x0, 0x2, 0xffc, 0x2, 0x3f, 0x0, 0x36e7, 0x10000, 0x7fffffff, 0x2, 0x80000000, 0x4, 0x5, 0x628, 0x2b]}) r5 = gettid() process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f0000000040)=""/247, 0xffffff50}], 0x1000000000000005, &(0x7f0000000180)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) move_pages(r5, 0x6, &(0x7f0000000040)=[&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil], &(0x7f00000000c0)=[0x3, 0x8], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7}) r8 = dup3(r6, r3, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x3}) setsockopt(r1, 0x4, 0xd5e, &(0x7f0000000740)="c25bd8bde6debf814d08d5dfe7a66585e6f85d7a644de15fe1093795fcf8279b3baf7a05a0009262b643cc3ae9d035bcae1796e493cf8c4edfbd4e69eafa28b4ff84ac7117c2e7328f4042e336e00e7eba31e111770625e301b982e979c83514f1dbaba302d2e3ca9a55cb7c053c338d83a9f7e0f9abe9bb72cfa03430b0ddb21dc866a2da0f75fb7db07d2a24dcdffa36a47dc0784128b78fa38166e74d89994fcad031000082502f75a748e29055a2de7ad17ee9b7817c028a048631b7d1e5b62f54493795659b13feb49fbd7a1d5acef00c92a1091a6e9f48893f2c95abc26b72a60b1a00e642ab1bf87e56a18d48d484a27ca8caeac894d6cf150cc01c100231d566872db8b205ad9b21ef21b0bd599d0bc972cd68d7a02497f0f87aebd4182eab7ad6a1dbf4f49b30453d73c0951345150ead2c9253c4338793a5ecfb58ea2b48ecc650d516042e5ed16cd51e6ab83e572cfdcf78458b1a4bb1d1ae9489762ac3e618a87edd14ae64886e801f2c27385a7a75b451cc102c8df5c6ecad87fb2f515d291f7631cd94d2c4339a2de433e1e45acf8f43c2ae8a6b578244d8b0f2de29c25c736244b02beaa7ebfbb8741444bb04ac2419eb8a16e0fe9d3315b68a2da81952e342ef605dfcc143db0dad9538de438f2a068ae697b7e8cc4910acf000a99e0b6b47af0a3c5f70916c77de37f6b6176b4ed28aca35579b45409c6e5d7f2c503c2a6b141aa7eabe32d3ed550abe209762184211a295752bfeba49158bebf39a356610d486c74435f967ba4c1799a68836d81eae8633d60fb37e74644eaa09c4e311243ec1d3cce791b895fec2ea7f5276d55a5cfe551d1bfe8785e1c590fc3e0bbd50c64d60f9325836347a82d4a42834fa075fe64c446080951c5bdca23efa7a0716080fdc6677c5fba95b9f9113e52db56d56ee1cfdbdbf5b4f2c69df53fb1cb7c1d202f06ea13890c292e2d3f0a1c8815663fd331563702110a950c0e8bdd690efb4405592e53ad1c19860820ea1c43b9fb4be00922d72208e2a75fbdbb9530526833a63c2dbc5ac4347516dc022e03323d7538ca347be1a06c6a90728b717ed9f02ff717e3a2b9ae37be92ffe1607bda66e9e1e2e1c7603b8a4855f07582dc8b4550f563533a51b141705977d95a350d5b01d0f0771cba42926bebea4c0881d1bc9ca7eb22cb040c648e9f027b28ecddab91590e8d9a7adc8982f975106802f875f0999760d3dae44df7ed1596e0b7495f1ebe550f2ad430b4da92e4e7aca0feffcfb169281d4402b2fa0f1b0ec270d5bdb3b97700b64c1549487e77dda3602cb72854ded6993dec5076bc10c51ca95fc4dec4ea23f4fcc1a39bca5ba094a475e6b1261bb84e48f4d37e2ab3a5e72285c00e0ce4a58d2e858bcc7b1df37c13b6c6d4991c5c5c7a005c10c5956ab4896c8d40ea5bb44209d5d35257a2f1d954277d3033d338e42778f1b0b640bd5dc30d82918df701b6d40516da9914950f94aac07cc9ae071f883b04edd63a3978233529aedc73f027cb6c80518af368901eb00e0ed7d8098dd4283611d75d50f0f5aa7e5fe2119f76d4daf24c8164063ddf9e1f460004e1bac9503d356502fb41fc2402af57fc474c787c3d0ca726b8fd51c481bb82f1a4a59689023e64fb68553e8bd752fd12645ff48a479d9aab693fd4c4c1cae077e02c3fabf167f063af4af905ecac8a369ebf018bf8b976700170e1a5b49aee681fa7684479d0d61ceee0351a745b856c23b1a00eb29d920a5b56588306cdd464610547b43f84dda970ced2f925b89464f842016cc6ea15f5472620a68cbc47c46f4d5e2303f09161cf89eeca5750619a1a3af5320e0dbf321e265cbe4197fabc5abec2fd8b1f0b7320e8c99ff6b075ec8539186ae264ab81cf69da9b78cfeafa305aebffd1972d8d116bc24c2536c90c43fb3e4092c68452cecfdaf5ca6577c5c459250c89853c72c4820846880138e1dc51e653989335da85c7dd3184f812ab26a90dc9ec96847080ee0abcd662bc0a0e6ee838e4ee18a103ea26eb187f4e2fed786c5918d69005c4461d70561ad97e126b08b92efaed10dbb2337ef68633eb0a79a35f73d5cf0d60b8ca40b462effd92e3d82d1f0cb5cdb98fef34ea25c4ad8967c452f8b1b8a0dcdc2c1646c044d51abd1a910cadfcbb4cd0fb9a217a977afe262e61e3830adb01f075e57551966bc96c0ef1cede5c3206640fd58b8d7c19d8532fd8a028b1551940ac2ccc4e8ca04979345eba063d0eff44af90648fdcc238ff39647ba7fa064658d657dc532b9f4c3a30bf42393a2f5675834f8c6919f1f07b643ff1490741b091dd6d97586c798ca86e3be72299c182692cd8b341bf4001548cfb417ecd6f52b90cf6e0516c12d2e2058e1b7799ed109f9e08bbae3ab597e2871e4acc4b79a20994953b0a90ed96b2535e959a3aa633a3e43cc6661fcb28dbcb35fe83fde852c7d6361e5e728b3782e5d06c2b0c880ab28d4bfc47649493297cda5b83f81e22f81bb687e748390d7de20be0935d11e0b1a0edd1374825014a591c08fd11abf645e6e836aba1263a0fa2172b5a030c5be3a63a8053c9a61331a078d294eb3b224b8e743100e99fdb7861e27642331cbb71d3b2fa90a2fda5813d63d397bfadddc24dc55908e4c5044a6c005e919d413c66ff530424278adc9a6d34afe39af9b9453feaafedf3242ce5ad623db08b25680d502f058204b7284f95f94ae295caba4bf91399292e347919bf6f5fed009cd92d4475c6cb5bac6dced1d71548f4ab48d2ebc34f84ba7ea0d62329e4df2f1a397cff5f0ab2d05536bbbedcd3d20d0f284bea6c4e0f57fc1d1f3f53c9246e83b020095b3e3109a924354cd276e0ab8d76056f53aeb85162f38b6261c864350bf849e33435c60725a169d70ae280a92167fe320708bab55a900a037806e60ded5e39b4ed7e7a96bbafdd6f25fcfa6763c516345aad70515c99fb5ecf758862a4cb017068a9f5be63079fdb6a942ee31ff8d7881a733f65cdaac0223a11d0530c8ec95c6f3fe073e2eb32bc4f83597c9f31b25c74b4aa9ff0e6eb9c2c12fc25a16dc92abb681c07db775cce4d9aff05a466143a1c6d92224e205cae4fff87e1850f59ec5da365fb6733a28e3b1749f346e5af7510d8e26a97d69e8e24105f785b20cc22682c5976aafa05062462ec20dfac16ea86b7672c5cfd94e7960f6da39f6855149dbdfd4f59409a1a70d29693b13cbd26f9bc9a43dc8b39c3684a00cdbc1d041e1b01e96de9558a99ad2e13ddd7058cef2e3ed6a39de7f4b87c952d36dcc54c3af86d2875ee365b4ff1fc04de60b5346fc33be0f5ce3e85bdcb40f9726216426230a20204e48616d5aa537d9685ace6c7f84ff22ebbe0f9abcbfdf140c3c199c56941bb64670803dc2b37237c594265a1831ae116bdf29d49d7998665c882d7ececd87e40a32297646ec10e3747ecec3d6bbc51abd353e94f349fde0bc12639c724ad108fd7df6dc071d7af35bf575d1f3566983b0fb19fa2eccca49b2fbde5028934f06d373243d32e07bb5931a050a6c2462f8da390977743d4fe1198ecfc35e008bc2e44ac838e328895385ddb5178bdc6dc31b87300096a6dd3336cde7132edb51846b19b5d00d8b14ebc168f08d76dafbc680ecf88a47e8c4d2e1753f4ebf9d11f2bea59a6d19c4ea23c5f28bfb878f7b51482fd65bf19266a888e90ce9f9e04358a2a037b6824bbec76e87775a610e8f375086fe8789e1e88799ecf801b0dce4727d015b7f49e4c9722a8c1f3a0de240705f4711b7be3013510da82f7431ffda19cb68b61c346c200ea2aeeb7328a5d29caea9e8166e9e723b302595d44e7516ac4a3732f43e36382edf498be543a5412de3a97f197d2523aabb488a3cc5f15ea8b26326ddf36464943dcd20a59c723d4f15422ce6fe62a2d5cb6fadb0c1ede5dfb05005ee50232ea9287ad1708a3723afa4ea15ad38dca6a2a37a7c7bf1c23c243656af13b10b4511a291c53920bd02fa02d40198121383999dcd2b160f3b726675213c5ad176aad1cca3e3e7b9350fd7c298f414ce0f9f24194a44d4d6666371e552d17e681bfba1bb53bb7b85c3858021553c6e3a225799893fc8590b7fa46ecda83099596b1fc6f7f1bbeae49d471e50fd4de3499cb7373f7f4fcec0df699e54c4fb11d77e7efa5d61ef2ca7f00f37fdb4c493d14304462f07d50f7e49c620e40f1643bba578da95fe9215594d98016a59d2eeb31e4b456af9e6e17a5f5b879e63e741cdf05ce83fe1a3a26d7303c987dc38c4578bcac01d6b4cee72235747813eb873d20f4617539933836c8608a314eee4f9374d04eabc8c1644ba5c40212c9ac61ccbb2cf0297194b6fd15a45ec204f50dde07c54f80c80e1edcd70c3d56e261234788dc816b4a2d8983b72344c9f7e98b0972058c35f9c6641e844f7f4218bd1d73c58632402cf61cfb1442a7ff816526725454e316fa366ea57d647f09ad7264af94e0d180279cc3e330645255ac53278811d3d003b37407a88f69005c3ea6b66a834bf7d2aca7ad65e3c31b2ce2a20eda33d2606e3694ae80cea49b2d7346a46de900b72cea762361d0d8116a7e396a024a42d11c68eff42f13ebf1603c6d81cd37d9076d18933f3c4bad0bbcfb01ba572e1416a906e56d4a2478dce323ef86c30779a6d6f09de759444c006f06a552612454a773de86e81f9833252db46e22330707ce33347715ae9fb8a23cbacb44341ee5d8a4a225510612f03f84f462d4442441092c62d257e600abfd9189b0d10971b62938662539a852151e49da56de8d4c5ca803d310cf0780cf49cde373809b3e3fa079e7e4a5391ed6960d5a82904726b57f0c334dc87a759d14ac59c6f395d7de8aae62e90dc7aa56cbb46971f04ee2bef0aa31e1ffab097cd529db7fe39764758d9c86e9f513dc2ad16049fa988089fdee25a9fe5cfac926b6b0814a3a468352994b296016db6c17c4ebed77cf00b446a25038279e4e0385c0f1450a921b88bb5cff52158f4d32d58247fcac1f223f0db9fcb7f9bfec5b27f8a83f6d1c9b034beca7545185cbe5a65a51607ad10cc8a1fe075cffdc7ce92849dacad3596417bb5e6dd1a29ecba45832887b2ed81339ed69c6cedc4c28464f98bd4870a84d00c052dfd121c98a1b7514118d00edf20de33b52db9e6bf208ec465d2829ea436d8b0860c5475c74cb92d2137a45303bc83e69220eaee1caed7d989b026860a80c7636471a522a9f76b2f3f70d7d1e8c625939d4dbfc6cc4eaef20c39df47b72547ef4fa70a60073fa88cefdd6e8f3a91d96b5aa82a3e51966741a62d5706cece57d14d85c1893ca5f48206422f5e9df3764e2c0e7fd53574fce7d613f150fd0d4945a55c43fd01da703e20fa7fb652567808e09a70f8b73104df264f9fb8652f4af7be081668a7e90f6456bfed3caf59bba78c72d77c356a3f700d88ada7d2b4f99ce66e7512ef058ea8886385c90814d1f18670110deda68a0052d9a25760627509660bc3c2670a12332bc9ccf43bfc6a7a7536dc87b0dd62bd42ab6df620256b55709e9b3bdf4253e19facb5a5ce15b2bce4cd7eaf5fc3d7dcf8cdece895f11a0d30b475fb4f4bb1cf29cfdd6ac84f905a2991972382b3b64447da7de8680328b91affa0594ceda09390b1a7c81c7df0c72d80b4fbd91433456a261578431e8ce00ad8f27dcf3effc8164e565b79392547948261483096763e47a2b168bc1adb21355a9f5b50dbe1b72d6d32f53f29fd54e9c47b3ead98a8c2dcd8f8b92c99ae51", 0x1000) 00:31:22 executing program 3: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:22 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:22 executing program 2 (fault-call:10 fault-nth:4): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:22 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:22 executing program 3: r0 = eventfd(0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 253.994363] FAULT_INJECTION: forcing a failure. [ 253.994363] name failslab, interval 1, probability 0, space 0, times 0 [ 254.047204] CPU: 0 PID: 13410 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 254.058864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.071209] Call Trace: [ 254.074068] dump_stack+0x1b2/0x283 [ 254.078325] should_fail.cold+0x10a/0x154 [ 254.082534] should_failslab+0xd6/0x130 [ 254.088172] kmem_cache_alloc+0x28e/0x3c0 [ 254.093454] mmu_topup_memory_caches+0x83/0x300 [ 254.100708] ? kvm_vcpu_kick+0xef/0x1f0 [ 254.106166] kvm_mmu_load+0x1e/0xc90 [ 254.110185] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 254.118567] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 254.123775] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 254.128723] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 254.136023] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 254.141492] ? lock_acquire+0x170/0x3f0 [ 254.145587] ? lock_downgrade+0x6e0/0x6e0 [ 254.150242] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 254.154760] kvm_vcpu_ioctl+0x3df/0xc70 [ 254.158753] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 254.164745] ? trace_hardirqs_on+0x10/0x10 [ 254.169943] ? __fdget_pos+0xa6/0xc0 [ 254.179855] ? fsnotify+0x897/0x1110 [ 254.183579] ? __vfs_write+0xec/0x630 [ 254.187666] ? proc_tid_io_accounting+0x20/0x20 [ 254.192441] ? SyS_write+0x1b7/0x210 00:31:22 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) [ 254.196205] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 254.202295] do_vfs_ioctl+0x75a/0xfe0 [ 254.206636] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 254.213054] ? ioctl_preallocate+0x1a0/0x1a0 [ 254.217760] ? security_file_ioctl+0x76/0xb0 [ 254.222378] ? security_file_ioctl+0x83/0xb0 [ 254.227068] SyS_ioctl+0x7f/0xb0 [ 254.230874] ? do_vfs_ioctl+0xfe0/0xfe0 [ 254.234874] do_syscall_64+0x1d5/0x640 [ 254.238788] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 254.244001] RIP: 0033:0x45cb29 00:31:22 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:22 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) mmap$fb(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000007, 0x4000010, r2, 0x30000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x200, 0x3}) [ 254.247213] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.255293] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 254.262565] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 254.269840] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 254.277123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 254.284397] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:23 executing program 2 (fault-call:10 fault-nth:5): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 254.488475] FAULT_INJECTION: forcing a failure. [ 254.488475] name failslab, interval 1, probability 0, space 0, times 0 [ 254.500998] CPU: 1 PID: 13499 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 254.508917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.518392] Call Trace: [ 254.520994] dump_stack+0x1b2/0x283 [ 254.524654] should_fail.cold+0x10a/0x154 [ 254.528815] should_failslab+0xd6/0x130 [ 254.532833] kmem_cache_alloc+0x28e/0x3c0 [ 254.537113] mmu_topup_memory_caches+0x83/0x300 [ 254.541787] ? kvm_vcpu_kick+0xef/0x1f0 [ 254.545769] kvm_mmu_load+0x1e/0xc90 [ 254.549509] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 254.554969] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 254.559908] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 254.564863] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 254.570327] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 254.575175] ? lock_acquire+0x170/0x3f0 [ 254.579159] ? lock_downgrade+0x6e0/0x6e0 [ 254.583317] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 254.587731] kvm_vcpu_ioctl+0x3df/0xc70 [ 254.591713] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 254.598129] ? trace_hardirqs_on+0x10/0x10 [ 254.602370] ? __fdget_pos+0xa6/0xc0 [ 254.606092] ? fsnotify+0x897/0x1110 [ 254.609810] ? __vfs_write+0xec/0x630 [ 254.613612] ? proc_tid_io_accounting+0x20/0x20 [ 254.618285] ? SyS_write+0x1b7/0x210 [ 254.622007] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 254.627899] do_vfs_ioctl+0x75a/0xfe0 [ 254.631711] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 254.637340] ? ioctl_preallocate+0x1a0/0x1a0 [ 254.641773] ? security_file_ioctl+0x76/0xb0 [ 254.646187] ? security_file_ioctl+0x83/0xb0 [ 254.650601] SyS_ioctl+0x7f/0xb0 [ 254.653964] ? do_vfs_ioctl+0xfe0/0xfe0 [ 254.657948] do_syscall_64+0x1d5/0x640 [ 254.661854] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 254.667033] RIP: 0033:0x45cb29 [ 254.670200] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.677995] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 254.685384] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 254.692638] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 254.699906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 254.707157] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)='fS\a\x00', 0x4}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:25 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) modify_ldt$read(0x0, &(0x7f00000000c0)=""/160, 0xa0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r6, 0xc018620b, &(0x7f0000000040)) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r3, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) 00:31:25 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:25 executing program 2 (fault-call:10 fault-nth:6): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:25 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 257.078790] FAULT_INJECTION: forcing a failure. [ 257.078790] name failslab, interval 1, probability 0, space 0, times 0 00:31:25 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 257.138915] CPU: 0 PID: 13533 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 257.146844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 257.156202] Call Trace: [ 257.158815] dump_stack+0x1b2/0x283 [ 257.162454] should_fail.cold+0x10a/0x154 [ 257.166612] should_failslab+0xd6/0x130 [ 257.170591] kmem_cache_alloc+0x28e/0x3c0 [ 257.174751] mmu_topup_memory_caches+0x83/0x300 [ 257.179443] ? kvm_vcpu_kick+0xef/0x1f0 [ 257.183444] kvm_mmu_load+0x1e/0xc90 [ 257.187167] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 257.192626] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 257.197574] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 257.202516] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 257.207985] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 257.212838] ? lock_acquire+0x170/0x3f0 [ 257.217080] ? lock_downgrade+0x6e0/0x6e0 [ 257.221326] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 257.225478] kvm_vcpu_ioctl+0x3df/0xc70 [ 257.229556] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 257.235447] ? trace_hardirqs_on+0x10/0x10 [ 257.239690] ? __fdget_pos+0xa6/0xc0 [ 257.243408] ? fsnotify+0x897/0x1110 [ 257.247129] ? __vfs_write+0xec/0x630 [ 257.250978] ? proc_tid_io_accounting+0x20/0x20 [ 257.255654] ? SyS_write+0x1b7/0x210 [ 257.259374] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 257.265350] do_vfs_ioctl+0x75a/0xfe0 [ 257.269173] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 257.274805] ? ioctl_preallocate+0x1a0/0x1a0 [ 257.279230] ? security_file_ioctl+0x76/0xb0 [ 257.283644] ? security_file_ioctl+0x83/0xb0 00:31:25 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req={0x81, 0x3, 0x5, 0x1}, 0x10) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) recvmmsg(r5, &(0x7f00000066c0)=[{{&(0x7f00000000c0)=@un=@abs, 0x80, 0xfffffffffffffffe, 0x0, &(0x7f0000000240)=""/236, 0xec}, 0x7fffffff}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000140)=""/16, 0x10}, {&(0x7f0000000340)=""/4096, 0x1000}], 0x2}, 0x6}, {{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000001340)=""/53, 0x35}, {&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000002380)=""/155, 0x9b}, {&(0x7f0000002440)=""/160, 0xa0}, {&(0x7f0000002500)=""/9, 0x9}, {&(0x7f0000002540)=""/27, 0x1b}, {&(0x7f0000002580)=""/168, 0xa8}, {&(0x7f0000002640)=""/48, 0x30}, {&(0x7f0000002680)=""/240, 0xf0}], 0x9, &(0x7f0000002840)=""/57, 0x39}, 0x1}, {{&(0x7f0000002880)=@l2, 0x80, &(0x7f0000003980)=[{&(0x7f0000002900)=""/13, 0xd}, {&(0x7f0000002940)=""/4096, 0x1000}, {&(0x7f0000003940)=""/59, 0x3b}], 0x3, &(0x7f00000039c0)=""/197, 0xc5}, 0x8001}, {{&(0x7f0000003ac0)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000003bc0)=[{&(0x7f0000003b40)=""/94, 0x5e}], 0x1, &(0x7f0000003c00)=""/52, 0x34}, 0x3}, {{&(0x7f0000003c40)=@qipcrtr, 0x80, &(0x7f0000005d40)=[{&(0x7f0000003cc0)=""/4096, 0x1000}, {&(0x7f0000006900)=""/4096, 0x1000}, {&(0x7f0000005cc0)=""/122, 0x7a}], 0x3, &(0x7f0000005d80)=""/149, 0x95}, 0x81}, {{&(0x7f0000005e40)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000006200)=[{&(0x7f0000005ec0)=""/97, 0x61}, {&(0x7f0000005f40)=""/26, 0x1a}, {&(0x7f0000005f80)=""/239, 0xef}, {&(0x7f0000006080)=""/167, 0xa7}, {&(0x7f0000006140)=""/180, 0xb4}], 0x5, &(0x7f0000006280)=""/152, 0x98}, 0xffffffff}, {{&(0x7f0000006340)=@sco={0x1f, @none}, 0x80, &(0x7f00000065c0)=[{&(0x7f00000063c0)=""/81, 0x51}, {&(0x7f0000006440)=""/188, 0xbc}, {&(0x7f0000006500)=""/159, 0x9f}], 0x3, &(0x7f0000006600)=""/153, 0x99}, 0xa0}], 0x8, 0x2000, &(0x7f00000068c0)) r6 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) [ 257.288055] SyS_ioctl+0x7f/0xb0 [ 257.291420] ? do_vfs_ioctl+0xfe0/0xfe0 [ 257.295398] do_syscall_64+0x1d5/0x640 [ 257.299292] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 257.304743] RIP: 0033:0x45cb29 [ 257.307927] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 257.315637] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 257.322999] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 257.330270] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 00:31:26 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 257.337540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 257.344821] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:26 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="665307000005", 0x6}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:28 executing program 2 (fault-call:10 fault-nth:7): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:28 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0xc0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fchdir(r2) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) r8 = gettid() process_vm_writev(r8, &(0x7f0000000000)=[{&(0x7f0000000040)=""/247, 0xffffff50}], 0x1000000000000005, &(0x7f0000000180)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) move_pages(r8, 0x3, &(0x7f0000000040)=[&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil], &(0x7f00000000c0)=[0x0, 0x4, 0x2, 0x4, 0xffff, 0x3, 0x201, 0x407e], &(0x7f0000000100)=[0x0, 0x0], 0x4) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:28 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:28 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:28 executing program 3: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 260.128100] FAULT_INJECTION: forcing a failure. [ 260.128100] name failslab, interval 1, probability 0, space 0, times 0 [ 260.177170] CPU: 0 PID: 13639 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 260.185099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 260.194474] Call Trace: [ 260.197082] dump_stack+0x1b2/0x283 [ 260.200727] should_fail.cold+0x10a/0x154 [ 260.204907] should_failslab+0xd6/0x130 [ 260.208896] kmem_cache_alloc+0x28e/0x3c0 [ 260.213066] mmu_topup_memory_caches+0x83/0x300 [ 260.217750] ? kvm_vcpu_kick+0xef/0x1f0 [ 260.221738] kvm_mmu_load+0x1e/0xc90 [ 260.225465] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 260.231013] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 260.235961] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 260.241162] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 260.246630] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 260.251776] ? lock_acquire+0x170/0x3f0 [ 260.256637] ? lock_downgrade+0x6e0/0x6e0 [ 260.260885] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 260.265036] kvm_vcpu_ioctl+0x3df/0xc70 [ 260.269808] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 260.275703] ? trace_hardirqs_on+0x10/0x10 [ 260.279945] ? __fdget_pos+0xa6/0xc0 [ 260.283857] ? fsnotify+0x897/0x1110 [ 260.289955] ? __vfs_write+0xec/0x630 [ 260.293863] ? proc_tid_io_accounting+0x20/0x20 [ 260.298632] ? SyS_write+0x1b7/0x210 [ 260.303286] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 260.309935] do_vfs_ioctl+0x75a/0xfe0 [ 260.314219] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 260.320212] ? ioctl_preallocate+0x1a0/0x1a0 [ 260.325507] ? security_file_ioctl+0x76/0xb0 [ 260.330897] ? security_file_ioctl+0x83/0xb0 [ 260.335561] SyS_ioctl+0x7f/0xb0 [ 260.339169] ? do_vfs_ioctl+0xfe0/0xfe0 [ 260.344036] do_syscall_64+0x1d5/0x640 [ 260.349197] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 260.356351] RIP: 0033:0x45cb29 [ 260.359958] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 260.369865] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 00:31:29 executing program 3: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:29 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) accept4$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14, 0x0) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000040)) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x3}) [ 260.377456] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 260.385828] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 260.393348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 260.402374] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:29 executing program 2 (fault-call:10 fault-nth:8): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:29 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 260.645321] FAULT_INJECTION: forcing a failure. [ 260.645321] name failslab, interval 1, probability 0, space 0, times 0 [ 260.665878] CPU: 1 PID: 13708 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 260.674676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 260.686134] Call Trace: [ 260.688784] dump_stack+0x1b2/0x283 [ 260.692437] should_fail.cold+0x10a/0x154 [ 260.697279] should_failslab+0xd6/0x130 [ 260.701914] kmem_cache_alloc+0x28e/0x3c0 [ 260.706327] mmu_topup_memory_caches+0x83/0x300 [ 260.711632] ? kvm_vcpu_kick+0xef/0x1f0 [ 260.715803] kvm_mmu_load+0x1e/0xc90 [ 260.720008] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 260.726255] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 260.731884] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 260.736951] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 260.743560] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 260.748595] ? lock_acquire+0x170/0x3f0 [ 260.752929] ? lock_downgrade+0x6e0/0x6e0 [ 260.757135] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 260.761900] kvm_vcpu_ioctl+0x3df/0xc70 [ 260.766964] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 260.773077] ? trace_hardirqs_on+0x10/0x10 [ 260.778666] ? __fdget_pos+0xa6/0xc0 [ 260.783274] ? fsnotify+0x897/0x1110 [ 260.787689] ? __vfs_write+0xec/0x630 [ 260.792080] ? proc_tid_io_accounting+0x20/0x20 [ 260.796896] ? SyS_write+0x1b7/0x210 [ 260.800627] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 260.806705] do_vfs_ioctl+0x75a/0xfe0 [ 260.810838] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 260.816670] ? ioctl_preallocate+0x1a0/0x1a0 [ 260.821662] ? security_file_ioctl+0x76/0xb0 [ 260.826088] ? security_file_ioctl+0x83/0xb0 [ 260.830597] SyS_ioctl+0x7f/0xb0 [ 260.833992] ? do_vfs_ioctl+0xfe0/0xfe0 [ 260.838581] do_syscall_64+0x1d5/0x640 [ 260.842673] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 260.847847] RIP: 0033:0x45cb29 [ 260.851016] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 260.862454] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 260.871030] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 260.881054] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 260.889079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 260.900159] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="665307000005", 0x6}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:31 executing program 3: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r9, 0x118, 0x1, &(0x7f00000001c0), 0x4) splice(r7, 0x0, r9, 0x0, 0x100000002, 0xc) getdents64(r7, &(0x7f00000000c0)=""/131, 0x83) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r10 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:31 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:31 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:31 executing program 2 (fault-call:10 fault-nth:9): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:31 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:31 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 263.207518] FAULT_INJECTION: forcing a failure. [ 263.207518] name failslab, interval 1, probability 0, space 0, times 0 [ 263.251222] CPU: 1 PID: 13764 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 263.259233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.270038] Call Trace: [ 263.272648] dump_stack+0x1b2/0x283 [ 263.276605] should_fail.cold+0x10a/0x154 [ 263.281679] should_failslab+0xd6/0x130 [ 263.285671] kmem_cache_alloc+0x28e/0x3c0 [ 263.292182] mmu_topup_memory_caches+0x83/0x300 [ 263.297037] ? kvm_vcpu_kick+0xef/0x1f0 [ 263.301115] kvm_mmu_load+0x1e/0xc90 [ 263.305056] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 263.310562] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 263.315626] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 263.320791] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 263.326450] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 263.331478] ? lock_acquire+0x170/0x3f0 [ 263.336200] ? lock_downgrade+0x6e0/0x6e0 [ 263.340365] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 263.344612] kvm_vcpu_ioctl+0x3df/0xc70 [ 263.350182] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 263.357319] ? trace_hardirqs_on+0x10/0x10 [ 263.361651] ? __fdget_pos+0xa6/0xc0 [ 263.365774] ? fsnotify+0x897/0x1110 [ 263.369861] ? __vfs_write+0xec/0x630 [ 263.374048] ? proc_tid_io_accounting+0x20/0x20 [ 263.378951] ? SyS_write+0x1b7/0x210 [ 263.382700] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 263.388897] do_vfs_ioctl+0x75a/0xfe0 [ 263.393346] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 263.399632] ? ioctl_preallocate+0x1a0/0x1a0 [ 263.404401] ? security_file_ioctl+0x76/0xb0 [ 263.410892] ? security_file_ioctl+0x83/0xb0 [ 263.416454] SyS_ioctl+0x7f/0xb0 [ 263.419831] ? do_vfs_ioctl+0xfe0/0xfe0 [ 263.424470] do_syscall_64+0x1d5/0x640 [ 263.428824] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 263.434480] RIP: 0033:0x45cb29 [ 263.437760] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:31:32 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:32 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:32 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:32 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 263.449412] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 263.458357] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 263.467356] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 263.475955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 263.483599] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="665307000005", 0x6}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:34 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:34 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) ioctl$KVM_GET_NR_MMU_PAGES(r9, 0xae45, 0x5ec) 00:31:34 executing program 2 (fault-call:10 fault-nth:10): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:34 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:34 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000040)) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:34 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:34 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 266.268158] FAULT_INJECTION: forcing a failure. [ 266.268158] name failslab, interval 1, probability 0, space 0, times 0 [ 266.300764] CPU: 0 PID: 13877 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 00:31:35 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 266.308697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.318762] Call Trace: [ 266.322091] dump_stack+0x1b2/0x283 [ 266.326029] should_fail.cold+0x10a/0x154 [ 266.330288] should_failslab+0xd6/0x130 [ 266.334304] kmem_cache_alloc+0x28e/0x3c0 [ 266.338495] mmu_topup_memory_caches+0x83/0x300 [ 266.343282] ? kvm_vcpu_kick+0xef/0x1f0 [ 266.347277] kvm_mmu_load+0x1e/0xc90 [ 266.351096] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 266.356760] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 266.362055] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 00:31:35 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) eventfd(0x0) r4 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) [ 266.367528] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 266.373772] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 266.378819] ? lock_acquire+0x170/0x3f0 [ 266.383584] ? lock_downgrade+0x6e0/0x6e0 [ 266.387747] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 266.391997] kvm_vcpu_ioctl+0x3df/0xc70 [ 266.396106] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 266.402379] ? trace_hardirqs_on+0x10/0x10 [ 266.406621] ? __fdget_pos+0xa6/0xc0 [ 266.410357] ? fsnotify+0x897/0x1110 [ 266.414075] ? __vfs_write+0xec/0x630 [ 266.417889] ? proc_tid_io_accounting+0x20/0x20 [ 266.422564] ? SyS_write+0x1b7/0x210 [ 266.426298] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 266.432314] do_vfs_ioctl+0x75a/0xfe0 [ 266.436482] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 266.442120] ? ioctl_preallocate+0x1a0/0x1a0 [ 266.446631] ? security_file_ioctl+0x76/0xb0 [ 266.452003] ? security_file_ioctl+0x83/0xb0 [ 266.456428] SyS_ioctl+0x7f/0xb0 [ 266.459924] ? do_vfs_ioctl+0xfe0/0xfe0 [ 266.463906] do_syscall_64+0x1d5/0x640 [ 266.467807] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 266.473002] RIP: 0033:0x45cb29 [ 266.476288] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 266.484698] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 266.492713] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 266.500092] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 266.507976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 266.515570] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:37 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) eventfd(0x0) r4 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) 00:31:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c", 0x7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:37 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_GET(r8, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x1409, 0x8, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0xc010) 00:31:37 executing program 2 (fault-call:10 fault-nth:11): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:37 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:37 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:37 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) eventfd(0x0) r4 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) [ 269.303147] FAULT_INJECTION: forcing a failure. [ 269.303147] name failslab, interval 1, probability 0, space 0, times 0 [ 269.355219] CPU: 0 PID: 13975 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 269.363147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 269.372506] Call Trace: [ 269.375101] dump_stack+0x1b2/0x283 [ 269.378741] should_fail.cold+0x10a/0x154 [ 269.382919] should_failslab+0xd6/0x130 [ 269.386956] kmem_cache_alloc+0x28e/0x3c0 [ 269.391723] mmu_topup_memory_caches+0x83/0x300 [ 269.396397] ? kvm_vcpu_kick+0xef/0x1f0 [ 269.400380] kvm_mmu_load+0x1e/0xc90 [ 269.404102] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 269.409650] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 269.414598] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 269.419545] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 269.425016] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 269.429872] ? lock_acquire+0x170/0x3f0 [ 269.433863] ? lock_downgrade+0x6e0/0x6e0 [ 269.438030] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 269.442181] kvm_vcpu_ioctl+0x3df/0xc70 [ 269.446161] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 00:31:38 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) eventfd(0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:31:38 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 269.452070] ? trace_hardirqs_on+0x10/0x10 [ 269.456307] ? __fdget_pos+0xa6/0xc0 [ 269.460021] ? fsnotify+0x897/0x1110 [ 269.463734] ? __vfs_write+0xec/0x630 [ 269.467529] ? proc_tid_io_accounting+0x20/0x20 [ 269.472204] ? SyS_write+0x1b7/0x210 [ 269.475922] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 269.481807] do_vfs_ioctl+0x75a/0xfe0 [ 269.485607] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 269.491230] ? ioctl_preallocate+0x1a0/0x1a0 [ 269.495765] ? security_file_ioctl+0x76/0xb0 [ 269.500177] ? security_file_ioctl+0x83/0xb0 [ 269.504588] SyS_ioctl+0x7f/0xb0 [ 269.507965] ? do_vfs_ioctl+0xfe0/0xfe0 [ 269.511945] do_syscall_64+0x1d5/0x640 [ 269.516191] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 269.521377] RIP: 0033:0x45cb29 [ 269.524564] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 269.532362] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 269.540066] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 269.547339] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 00:31:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000000100)) r4 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000140)=0x1) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_REINJECT_CONTROL(r5, 0xae71, &(0x7f0000000040)={0x1f}) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup3(r9, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) [ 269.554609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 269.561881] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:38 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:38 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) eventfd(0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) [ 271.149056] NOHZ: local_softirq_pending 08 00:31:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c", 0x7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:40 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) eventfd(0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:31:40 executing program 2 (fault-call:10 fault-nth:12): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:40 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:31:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r8, 0x800442d3, &(0x7f0000000040)={0x81, 0x6, 0x8, @empty, 'veth1_to_team\x00'}) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) dup3(r5, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r7, 0xc0305302, &(0x7f0000000080)={0x4, 0x4, 0x7fff, 0x4, 0x4, 0x1000}) 00:31:40 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:40 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 272.272637] FAULT_INJECTION: forcing a failure. [ 272.272637] name failslab, interval 1, probability 0, space 0, times 0 [ 272.319582] CPU: 1 PID: 14103 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 272.327512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 272.336869] Call Trace: [ 272.339469] dump_stack+0x1b2/0x283 [ 272.343540] should_fail.cold+0x10a/0x154 [ 272.347696] should_failslab+0xd6/0x130 [ 272.351676] kmem_cache_alloc+0x28e/0x3c0 [ 272.355831] mmu_topup_memory_caches+0x83/0x300 [ 272.360505] ? kvm_vcpu_kick+0xef/0x1f0 [ 272.364485] kvm_mmu_load+0x1e/0xc90 [ 272.368213] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 272.373710] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 272.378652] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 272.383590] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 272.389082] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 272.393959] ? lock_acquire+0x170/0x3f0 [ 272.397938] ? lock_downgrade+0x6e0/0x6e0 [ 272.403145] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 272.407299] kvm_vcpu_ioctl+0x3df/0xc70 [ 272.411632] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 272.417879] ? trace_hardirqs_on+0x10/0x10 [ 272.422137] ? __fdget_pos+0xa6/0xc0 [ 272.425862] ? fsnotify+0x897/0x1110 [ 272.429578] ? __vfs_write+0xec/0x630 [ 272.433384] ? proc_tid_io_accounting+0x20/0x20 [ 272.438062] ? SyS_write+0x1b7/0x210 [ 272.441784] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 272.447689] do_vfs_ioctl+0x75a/0xfe0 [ 272.451496] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 272.457128] ? ioctl_preallocate+0x1a0/0x1a0 [ 272.461599] ? security_file_ioctl+0x76/0xb0 [ 272.466015] ? security_file_ioctl+0x83/0xb0 00:31:41 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 272.470433] SyS_ioctl+0x7f/0xb0 [ 272.473797] ? do_vfs_ioctl+0xfe0/0xfe0 [ 272.477772] do_syscall_64+0x1d5/0x640 [ 272.481673] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 272.486862] RIP: 0033:0x45cb29 [ 272.490054] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.497771] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 272.505228] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 272.512497] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 00:31:41 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) 00:31:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x10000) [ 272.519781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 272.527065] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c", 0x7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:41 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) recvfrom$inet(r2, &(0x7f00000000c0)=""/79, 0x4f, 0x20, &(0x7f0000000040)={0x2, 0x4e22, @private=0xa010101}, 0x10) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:41 executing program 2 (fault-call:10 fault-nth:13): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:41 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) 00:31:41 executing program 3: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) eventfd(0x0) r4 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) 00:31:41 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) [ 272.724362] FAULT_INJECTION: forcing a failure. [ 272.724362] name failslab, interval 1, probability 0, space 0, times 0 [ 272.777377] CPU: 1 PID: 14199 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 272.785301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 272.795536] Call Trace: [ 272.798143] dump_stack+0x1b2/0x283 [ 272.801800] should_fail.cold+0x10a/0x154 [ 272.805963] should_failslab+0xd6/0x130 [ 272.810043] kmem_cache_alloc+0x28e/0x3c0 [ 272.814660] mmu_topup_memory_caches+0x83/0x300 [ 272.819338] ? kvm_vcpu_kick+0xef/0x1f0 [ 272.823328] kvm_mmu_load+0x1e/0xc90 [ 272.827047] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 272.832499] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 272.837437] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 272.842469] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 272.847937] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 272.853917] ? lock_acquire+0x170/0x3f0 [ 272.857902] ? lock_downgrade+0x6e0/0x6e0 [ 272.862068] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 272.866221] kvm_vcpu_ioctl+0x3df/0xc70 [ 272.870206] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 272.876290] ? trace_hardirqs_on+0x10/0x10 [ 272.881057] ? __fdget_pos+0xa6/0xc0 [ 272.885577] ? fsnotify+0x897/0x1110 [ 272.889326] ? __vfs_write+0xec/0x630 [ 272.893485] ? proc_tid_io_accounting+0x20/0x20 [ 272.898323] ? SyS_write+0x1b7/0x210 [ 272.902152] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 272.908058] do_vfs_ioctl+0x75a/0xfe0 [ 272.911874] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 272.917594] ? ioctl_preallocate+0x1a0/0x1a0 [ 272.922024] ? security_file_ioctl+0x76/0xb0 [ 272.926447] ? security_file_ioctl+0x83/0xb0 [ 272.930869] SyS_ioctl+0x7f/0xb0 [ 272.934244] ? do_vfs_ioctl+0xfe0/0xfe0 [ 272.938238] do_syscall_64+0x1d5/0x640 [ 272.942686] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 272.947884] RIP: 0033:0x45cb29 [ 272.951077] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.958789] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 272.966061] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 272.973342] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 272.980612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 272.987885] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:41 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001180)={0x5c, r4, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}]}, 0x5c}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x2, 0x70bd25, 0x25dfdbfb, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x20000041) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) 00:31:41 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:41 executing program 3: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) eventfd(0x0) r4 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) 00:31:41 executing program 2 (fault-call:10 fault-nth:14): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 273.205782] FAULT_INJECTION: forcing a failure. [ 273.205782] name failslab, interval 1, probability 0, space 0, times 0 [ 273.233400] CPU: 0 PID: 14271 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 273.241390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.250842] Call Trace: [ 273.253436] dump_stack+0x1b2/0x283 [ 273.257082] should_fail.cold+0x10a/0x154 [ 273.261241] should_failslab+0xd6/0x130 [ 273.265326] kmem_cache_alloc+0x28e/0x3c0 [ 273.269698] mmu_topup_memory_caches+0x83/0x300 [ 273.274565] ? kvm_vcpu_kick+0xef/0x1f0 [ 273.278638] kvm_mmu_load+0x1e/0xc90 [ 273.282362] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 273.287817] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 273.292755] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 273.297703] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 273.303345] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 273.308501] ? lock_acquire+0x170/0x3f0 [ 273.312659] ? lock_downgrade+0x6e0/0x6e0 [ 273.317083] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 273.321335] kvm_vcpu_ioctl+0x3df/0xc70 [ 273.325341] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 273.331249] ? trace_hardirqs_on+0x10/0x10 [ 273.335492] ? __fdget_pos+0xa6/0xc0 [ 273.339254] ? fsnotify+0x897/0x1110 [ 273.342994] ? __vfs_write+0xec/0x630 [ 273.346808] ? proc_tid_io_accounting+0x20/0x20 [ 273.351930] ? SyS_write+0x1b7/0x210 [ 273.355908] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 273.361806] do_vfs_ioctl+0x75a/0xfe0 [ 273.365619] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 273.371352] ? ioctl_preallocate+0x1a0/0x1a0 [ 273.375878] ? security_file_ioctl+0x76/0xb0 [ 273.380657] ? security_file_ioctl+0x83/0xb0 [ 273.385252] SyS_ioctl+0x7f/0xb0 [ 273.391318] ? do_vfs_ioctl+0xfe0/0xfe0 [ 273.396005] do_syscall_64+0x1d5/0x640 [ 273.399910] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 273.405197] RIP: 0033:0x45cb29 [ 273.408651] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 273.416548] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 273.424777] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 273.432156] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 273.440038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 273.447314] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:44 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:44 executing program 3: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) eventfd(0x0) r4 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, 0x0) 00:31:44 executing program 2 (fault-call:10 fault-nth:15): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000004c0)=0x14) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000500)={@ipv4={[], [], @broadcast}, @local, @private0, 0xa91, 0x8, 0xfffa, 0x100, 0xffff, 0x80000001, r4}) socket$inet_tcp(0x2, 0x1, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480)=r7, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r7, 0x4) r8 = dup3(r5, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:44 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:44 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) eventfd(0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:31:44 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) listen(r2, 0xa0000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:44 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) eventfd(0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) [ 275.752195] FAULT_INJECTION: forcing a failure. [ 275.752195] name failslab, interval 1, probability 0, space 0, times 0 [ 275.804725] CPU: 0 PID: 14333 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 275.812672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.823101] Call Trace: [ 275.826524] dump_stack+0x1b2/0x283 [ 275.830346] should_fail.cold+0x10a/0x154 [ 275.834591] should_failslab+0xd6/0x130 [ 275.838868] kmem_cache_alloc+0x28e/0x3c0 [ 275.843054] mmu_topup_memory_caches+0x83/0x300 [ 275.848257] ? kvm_vcpu_kick+0xef/0x1f0 00:31:44 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) eventfd(0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) 00:31:44 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) eventfd(0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) [ 275.852344] kvm_mmu_load+0x1e/0xc90 [ 275.856163] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 275.863153] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 275.868328] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 275.873627] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 275.880032] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 275.885007] ? lock_acquire+0x170/0x3f0 [ 275.889426] ? lock_downgrade+0x6e0/0x6e0 [ 275.894937] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 275.899558] kvm_vcpu_ioctl+0x3df/0xc70 [ 275.903752] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 275.909947] ? trace_hardirqs_on+0x10/0x10 [ 275.914662] ? __fdget_pos+0xa6/0xc0 [ 275.919398] ? fsnotify+0x897/0x1110 [ 275.923198] ? __vfs_write+0xec/0x630 [ 275.927102] ? proc_tid_io_accounting+0x20/0x20 [ 275.931886] ? SyS_write+0x1b7/0x210 [ 275.935723] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 275.941980] do_vfs_ioctl+0x75a/0xfe0 [ 275.946631] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 275.952792] ? ioctl_preallocate+0x1a0/0x1a0 [ 275.957227] ? security_file_ioctl+0x76/0xb0 [ 275.961999] ? security_file_ioctl+0x83/0xb0 [ 275.966428] SyS_ioctl+0x7f/0xb0 [ 275.969803] ? do_vfs_ioctl+0xfe0/0xfe0 [ 275.973788] do_syscall_64+0x1d5/0x640 [ 275.977775] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 275.982966] RIP: 0033:0x45cb29 [ 275.986611] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 275.994761] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 276.002041] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 276.009597] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 276.017059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 276.024349] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:47 executing program 1 (fault-call:7 fault-nth:0): r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:47 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) 00:31:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x40000, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r3, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) 00:31:47 executing program 2 (fault-call:10 fault-nth:16): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:47 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10004, 0x0) 00:31:47 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) 00:31:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 278.752737] FAULT_INJECTION: forcing a failure. [ 278.752737] name failslab, interval 1, probability 0, space 0, times 0 [ 278.775242] FAULT_INJECTION: forcing a failure. [ 278.775242] name failslab, interval 1, probability 0, space 0, times 0 [ 278.791416] CPU: 0 PID: 14453 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 278.799418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 278.810175] Call Trace: [ 278.813341] dump_stack+0x1b2/0x283 [ 278.817253] should_fail.cold+0x10a/0x154 [ 278.822057] should_failslab+0xd6/0x130 [ 278.827491] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 278.833002] kvm_irqfd+0x9e/0x1790 [ 278.837973] ? __might_fault+0x177/0x1b0 [ 278.842064] kvm_vm_ioctl+0x2c3/0x1430 [ 278.845990] ? __lock_acquire+0x655/0x42a0 [ 278.850862] ? kvm_vcpu_release+0xa0/0xa0 [ 278.856010] ? trace_hardirqs_on+0x10/0x10 [ 278.861013] ? fsnotify+0x897/0x1110 [ 278.865008] ? __vfs_write+0xec/0x630 [ 278.869001] ? proc_tid_io_accounting+0x20/0x20 [ 278.873673] ? SyS_write+0x1b7/0x210 [ 278.877753] ? kvm_vcpu_release+0xa0/0xa0 [ 278.881990] do_vfs_ioctl+0x75a/0xfe0 [ 278.885807] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 278.892045] ? ioctl_preallocate+0x1a0/0x1a0 [ 278.897018] ? security_file_ioctl+0x76/0xb0 [ 278.901564] ? security_file_ioctl+0x83/0xb0 [ 278.906910] SyS_ioctl+0x7f/0xb0 [ 278.910887] ? do_vfs_ioctl+0xfe0/0xfe0 [ 278.915055] do_syscall_64+0x1d5/0x640 [ 278.919393] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 278.925151] RIP: 0033:0x45cb29 [ 278.928340] RSP: 002b:00007fa137ccbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 278.936227] RAX: ffffffffffffffda RBX: 00000000004e8860 RCX: 000000000045cb29 [ 278.944136] RDX: 0000000020000080 RSI: 000000004020ae76 RDI: 0000000000000005 [ 278.951796] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 278.960176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 278.968147] R13: 00000000000003c8 R14: 00000000004c6811 R15: 00007fa137ccc6d4 [ 278.988307] CPU: 1 PID: 14456 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 278.997659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.007641] Call Trace: [ 279.010240] dump_stack+0x1b2/0x283 [ 279.013937] should_fail.cold+0x10a/0x154 [ 279.018681] should_failslab+0xd6/0x130 [ 279.023264] kmem_cache_alloc+0x28e/0x3c0 [ 279.028301] mmu_topup_memory_caches+0x83/0x300 [ 279.034631] ? kvm_vcpu_kick+0xef/0x1f0 [ 279.039446] kvm_mmu_load+0x1e/0xc90 [ 279.043770] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 279.050993] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 279.057447] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 279.063436] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 279.069555] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 279.078490] ? lock_acquire+0x170/0x3f0 [ 279.083048] ? lock_downgrade+0x6e0/0x6e0 [ 279.087245] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 279.091926] kvm_vcpu_ioctl+0x3df/0xc70 [ 279.096358] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 279.103819] ? trace_hardirqs_on+0x10/0x10 [ 279.108062] ? __fdget_pos+0xa6/0xc0 [ 279.111791] ? fsnotify+0x897/0x1110 [ 279.113726] FAULT_INJECTION: forcing a failure. [ 279.113726] name failslab, interval 1, probability 0, space 0, times 0 [ 279.115592] ? __vfs_write+0xec/0x630 [ 279.115605] ? proc_tid_io_accounting+0x20/0x20 [ 279.115615] ? SyS_write+0x1b7/0x210 [ 279.115632] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 279.115641] do_vfs_ioctl+0x75a/0xfe0 [ 279.115660] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 279.157611] ? ioctl_preallocate+0x1a0/0x1a0 [ 279.162317] ? security_file_ioctl+0x76/0xb0 [ 279.167963] ? security_file_ioctl+0x83/0xb0 [ 279.172408] SyS_ioctl+0x7f/0xb0 [ 279.175955] ? do_vfs_ioctl+0xfe0/0xfe0 [ 279.180028] do_syscall_64+0x1d5/0x640 [ 279.183931] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 279.189474] RIP: 0033:0x45cb29 [ 279.192790] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:31:47 executing program 1 (fault-call:7 fault-nth:1): r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:47 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x0, r0}) 00:31:47 executing program 3: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) 00:31:47 executing program 3: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) [ 279.201574] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 279.209545] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 279.218385] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 279.226930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 279.234404] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 [ 279.258878] CPU: 0 PID: 14509 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 279.267981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.278292] Call Trace: [ 279.281231] dump_stack+0x1b2/0x283 [ 279.285767] should_fail.cold+0x10a/0x154 [ 279.291283] should_failslab+0xd6/0x130 [ 279.295535] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 279.300218] kvm_irqfd+0xefc/0x1790 [ 279.303871] kvm_vm_ioctl+0x2c3/0x1430 [ 279.307801] ? __lock_acquire+0x655/0x42a0 [ 279.312057] ? kvm_vcpu_release+0xa0/0xa0 [ 279.316767] ? trace_hardirqs_on+0x10/0x10 [ 279.321103] ? fsnotify+0x897/0x1110 [ 279.324826] ? __vfs_write+0xec/0x630 [ 279.329255] ? proc_tid_io_accounting+0x20/0x20 [ 279.334383] ? SyS_write+0x1b7/0x210 [ 279.338463] ? kvm_vcpu_release+0xa0/0xa0 [ 279.342706] do_vfs_ioctl+0x75a/0xfe0 [ 279.346515] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 279.352146] ? ioctl_preallocate+0x1a0/0x1a0 [ 279.356569] ? security_file_ioctl+0x76/0xb0 [ 279.361067] ? security_file_ioctl+0x83/0xb0 [ 279.365482] SyS_ioctl+0x7f/0xb0 [ 279.368936] ? do_vfs_ioctl+0xfe0/0xfe0 [ 279.372913] do_syscall_64+0x1d5/0x640 [ 279.377068] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 279.382255] RIP: 0033:0x45cb29 [ 279.385439] RSP: 002b:00007fa137ccbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 279.393236] RAX: ffffffffffffffda RBX: 00000000004e8860 RCX: 000000000045cb29 00:31:48 executing program 3: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2}) [ 279.400594] RDX: 0000000020000080 RSI: 000000004020ae76 RDI: 0000000000000005 [ 279.410470] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 279.417919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 279.425315] R13: 00000000000003c8 R14: 00000000004c6811 R15: 00007fa137ccc6d4 00:31:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f0000000140)={[{0xfffff800, 0x6, 0x2e, 0xe7, 0x2, 0x0, 0x9, 0x80, 0x2d, 0x4, 0x1f, 0x81, 0x9}, {0xfffffffa, 0xf5, 0xff, 0x1f, 0x5, 0x8, 0x1f, 0xf3, 0x7f, 0x1, 0x20, 0xdf, 0x101}, {0x600000, 0x9791, 0x3, 0x80, 0x40, 0xff, 0xff, 0x6, 0x80, 0x7e, 0x44, 0x1}], 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$UHID_INPUT2(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="0c000000290088df9855fec2e86193e2b35ffdcfc6eb9daac21d7a67dab9ee2f2b8eae51dbe0fbd83f819ee29880128b23c1217530686dfde6e42157e75fb876026859d42b6c70004c3b4c8e0cfd809b8e3e77e82f5125a048b6a41a7b0c78e988701c5fc863577aa3ab40b8788683ce1ce185cc10d3517c64d5a496b274fc0b6a108900bc9f79ce32d76849dd079a526dd393f3313ca7f2ede4e08614c504f71de6fbe0fd8982e759b798637663d8ea982e1a9cb3bc456ab3b2493f8237fa8538c64b3470ae2ca41aaf626de52e9cd0419ecd03033a8611335cfb4f471d4f9fe0ea593e2245cf8a30ad857d73502e2ded525a93004f569e6b00ce0c0f08095966a91cdace9990d52469c7be980632846c0e901f2b97277d5286a0623d1cb0bf70573bbdc6810356c91903f95bf74aee42"], 0x2f) ioctl$VT_GETMODE(r2, 0x5601, &(0x7f00000000c0)) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x650081, 0x0) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f0000000040)) 00:31:50 executing program 2 (fault-call:10 fault-nth:17): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:50 executing program 1 (fault-call:7 fault-nth:2): r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:50 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10004, 0x0) 00:31:50 executing program 3 (fault-call:7 fault-nth:0): r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:50 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140)='NLBL_CIPSOv4\x00') close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_G_PRIORITY(r3, 0x80045643, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f0000000000)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:groupadd_exec_t:s0\x00', 0x25, 0x2) [ 281.800054] FAULT_INJECTION: forcing a failure. [ 281.800054] name failslab, interval 1, probability 0, space 0, times 0 [ 281.829661] FAULT_INJECTION: forcing a failure. [ 281.829661] name failslab, interval 1, probability 0, space 0, times 0 00:31:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) dup3(r5, r3, 0x0) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000240)="7e5f5099533435dca80380ecaa33eadd2abc308b6dac5671f0606176ab9a7351e2c28f5f9d1f8d2ad5affc68db2aefeceb94612b2091cd9b1354c1f20d51b55ffe640324f1f644d760a73a8553d1cc39fa653499df287564c05728f2af4d96527c7e02c766be6a480e2357efcf6daa4aad8b238434096a79a2199b00460220d8b85b7d5c6dbff47af4f538346bd618af58fe3bc34da40aa0231ca82c589f4c8bfb31601c99f657e1f659e15d5ff19c0c925e071af69b3131399e633f2bf9db6ee1d2a79529f39df77991f22938a8f1ee15511c54768adef319aefe716f43219ba09c21d5fc0453d9df5dab18a85382a45d2db6b83bc32d68086fa355f5e0e1f8eea82020cf00fed0025d16dec17c93acb6fc24fab578e779d98a35552dcb1eef2987ea4ca551d9144077ae91074bdf18f511c50bbb242a588c9065bff021f07cc4d4e1814a2733cf8ecec91b2933c5625785f528a3eb7589fbe40a257bc43a978ebce7da88b69c57c04a05b8872eeca48ac57026936a2db04bdc4bf70d64a1253235881cbf275728266228f3535105831f5d7676a00a26dd74cf41fa78410b084345aa3ae68655918e7a5d080a87e4a2c51f81805e0f7d747a42fce5c28208ee3b2977e12b939111736d9956874e97c70e568b1754e6ffb6975e86766729b2376cf057a541bc6d683c89c9cf172f14a399a46a370a7b2ef76b0af5f8ab49f47b22a05840324987b0f3c3b35f9f986157e898e0b467de28cb329d5a06bc56bfc06cc0f9e3fb6406bfc07aeda18c0eec9149c4dea43d493f7d88f8bf14b41c48b46489ae8872cd2e3151d0446edfc7a2a36d1f0d7e026dae3f65fc7a1876966d43c1a71f495dd8c71d8d7bd1b45865a26454bf475487df288cb721c1b153fb7fce6619250d452195025f48442722fc518dba9361a9ae8cc36a7ce854354408b004e72382676ce4e18684af5494cc447b066e77df8a635beb16e9b66d0c55a1d96020c7e7e73fc8588b97d232cc526ccdb67a5eaeaceb960d332b0f6ee058a82750238bb2f9d64961f4abd092f14c80d90a36a7b4a54a4c5d9085e5b5216f63bb10d4f9c0032d625d25504c6855e9485586da29bb4edc647bc04f5603de587b06432a8f2d09a804d6a15d25c793afae45d5128914706dda581f6ebfeb5de4adaa8c2e6b99daa991231fda3311686837c0a6e21a41ea4b9f3636a1f4263a4fc1bf914b8d3fdd7e003db09d7bdb3b950a432440e5a2d5c14451a1a8c2d1fe7f7654cbec3e0beda660f3690466b3c8fd331475e02b24e0316f792193c5073548127916629c15abd0e25c513946047e69096b0789dd4b2653e16edd6b8ed4cf5806dc09c355526841ffb2ab60ef6ff43b4246642690ed7b526d79a467e3c93f30f492ffeb027b6dd342be34965302c1315e2b46ad99015303fc26d5c3eccb0b3358881c50e1e29a2c9fddeb0ae2eec0a853058030557a1f13aad6d7684d312ad8f13791b0520be7e26d76ef2ee8ac8b2df0421599b6a681f0a7bb6e00e49b2ebc62e5b1c56a2f552dda4295a9378f028df951443198a2a456d8898e2acf2bbdb15cb3e2473b5b7434d35029fa5453c6d3b019a7292b42a6bca6cc704ef782989254cab0e53ac99e3ac703121b95635d0d6c089e8fcae34837e6dd7b62c37b67e545e778fe8eb496ad60a1caf2d833e6fcebb5e6356f1a17197e21c14eb45f7b15d74d2cafa926a8ff1bfffb583c432c35fa6a30c80baad947698c6acd21a0c3efbb11ac7d4b9d329ce76fd9ecac0aeb3c82824d934dab29f996ad3b1deb8946cae162136930016e37e483ab841880974fae5ff694306b45f617b5c7a277ef436282b32548183dbae86b366eaa9a1a8397a5a7b1f05efef77defa1a1fe9cc80533544166a04caf7dca519c663e93d5e8ae956d1c587a0f79a18a6bc87a5f59fe65490a253ef29cd007b4fedadb9225140507e38d0c028937d9af93a07ffd33ac41d9f443375735ebab92482995158b3146d72add39faab377992e772d207f3480bb8f9360a29a58cda5a05b8ae732be39fa5ecca933f79ff36e39642bf191282a8bc7c0174744d9817572fbe3c29f0f48558fb8e12527ee7ed51bca7bd293bc2a38ac5566fd4f850393ad391d180ea9df60330f1d8a22bcfa21608039ef3e153feb598e4eaa8f97c0b55e8e682216af25035e9ecf1b5565450a5c1ee3959e8d99d2bb8224ce698ac45a9c316b6126c2a86a8e6d9b636938f27610f9d5173da4b782aa593b46bcbd2393c2337f4005efa635f9bee00a29fb27af1275f53099e094037b2bdfd3a143b187f7676aa682002516bca3a7bb911af7add8c66270cbdfd053c9893df18ea6ca44f9fc2882c89609d84ee8efaded825936600480d314347932b88f0476950d812bc2790a9610980425cfd2acfaccefc6563e92f87d930dd3f52883305eeb4add2870c919712dfe533c164a62cb61b093fe3c77db6bec183495008e1c9dcf1b8aff063d83d2187492eab285521521c2f3617b635554ce8cfe3de7c2e808c39d92f44e1fbdbd2dade3eb39bcd5404bf12fb2d17369ae19c7fc99d629995175e556f4fa11a2b7c861dd3075b802df6bfdf16d113903757d65ce59755642454693076973bfc4a5b5f16cdfa7738e06095c569e77740227d4728dcc673051f0110d797fd9cac78d4a0edb7a02e46ed687f0a53ce4719ed99ac828404911252b873fa1bb04b3601419055a2aded88f2de0f675b45f09d5f5131bcb4deea8fdaa95ca3772fcc3fdce319f2dd0047e16a57e2f2627d84a2ef035f6fc94c823b1c6b7dd5b0633dc4c2adee36e423df95368f258d5d66278c8fcabf21bf27049bfd62a2c69b870d5d9241f0075a732d42db74136b4b966236e0316a930127e2337fc7dff78a3ccf64a9812f8775d0a80f6ef98c6fbdc686a014ed55829abbb41042a19dd7692aec545f8bd521d8c52c74ec13ff4ba62cf75e44663f29a7995ecb542647f91aea63e41122f5cd6015892e0650240b467f9ad9ef2cae5dcc65de61e0d9dca11b51cdfa618c70975ec6b264ba7556607d59ebd60560ad3d196fc27a2d8515c5b316e4fd2b5ac3322b6bde4848e6479a5c2b4e9daadb8c087f4840a1f4beb049a37f7de49ebd4c951c50cdeb327a5cd6959e8e20487aec5a2990be451c7e93fb71d8f32e0a0f05b0db9387fdf42e1bf7b33cc964d080aaf4727cb7bfad20fbcadcfc29b0b9182a5ca5aeb6fe7ad688352c9cd01b8ed6898433e36375ab2b4c252773260c97e9b1acf0fe52b1df4dc4445a736b573eda5e6fdafe04aefd22a65ff7ca571eb2f3d38944ff62e1c75daaddbb31a7a313210e1e71e1a6f550deccaf3c0a053580ccb06ed4d0ef801e71557e11d020b830f9f2d8abdc4409ba402a544f277a75acca0aed1167333366a0ecd7ce328768dbfe0c3934c060477c19cbc5b01e7316528b7e814574f0f071ec652c96c7a71c5402b6a9ca80d0039cb117be31972798f809f25a02f7802002898419301bbf9f62e5e6285c8f55ecec4251f3d3314a06f4e968a4fa57d6acad9c89e7c9b9f2e1c8b7918ab56ca6d9b6672937a8ff73caa661d54da16005a99ebd885610cc998801ead4df3a903e90a8d679ff64f9dbacffa8c867847bc5cecd8e1dafa3ac15150ff7597bf9723a6f1d5c2374a797372e042c104292ba933a3d23af03c61e56e6e8711593b1489b5f4369244665c88f3ae4032968929f238169644917459f40e566ea5fb296b7036e48fd68e0bae034c939608167a954ebb30347b0e71bd6c88f63024da5a9c67876d404775602ba86e7f3b11fe4fe61344d5b7c6471f2a87db87d92b5261ba4404516b9e67f16faacb83e4acf16bf54aed754c1bd5d3dcc7117c4a767bebfe05960fade2a9f6bfd15212cd27c44ee0ff30f6242a3cf4dbf075067a2268114bdd20332c3613dfdadb71e3b8be9bdf694b4efc0fd028563f79c1da633695595e102f9684e062bd58db138464d80f12f077b700b05ad0f9df3192327eb02f2f743c0e14c60898f8896db202415a8340f80702e9e3954d6b171fb08afaf2083be4979415b39ee8c00efce10ff13ceba4267471536cb9e51e235e41d106e875d4cf614cfadb689718a6cacd8cf18974fb1e968e3bc0c42c253263873a497cf5b66ad03e9d5a9a6a7b272f47a83368b91a40ba83fd47fe13288aa5d9a0901d091c5a556852b272ba17bf7ddfd842e0089f60b245eb76c37f74f37b2ddb230227bf2035e69177f150d85b8411de1cf957926f314bf01e6b6f9d2f366f11f380cb1044e576f292d0854edc0d65adbe5246cf604ae44f097eff704a5c90c20f135b43ec69751a1d7bc341c8a8f9526998d6b4c15020482ec683747952d131d2c76dd8084f468b35df98040e8f90e0c9090fd49ceef6e7dd64752487a77a3d7b6a05ea0b55a2696c771fdd5243ca26984fcc2e4c4f318ffe38ffe589a78d0fbd4f3094b80f8f0ecb0cb024abde2e3c6d9d60cd912c4e15ecb652c1ea081bccf289490c2eb588640df80ea5a8b553da0b4da6215fae8400d85ad6cc50959ddec98ca3dda3f6beba8f8c546fb17e4429d326a6230e926c0e9753f7140bcdd44e8e4e09741fa796d5c204df2d88401eb3d3498cbd0deb661b0c76630e34d48a4202f753f3f9e69e9c4783db8b459db59a23f1c0b12399cb2ec8e9efafc6a7954ed900b3f10364ac5fdd61706f2b05e0856f008f409ec9dec125e35fa008da2543d8e574d4ca576fce3ad8bd4355db759e69a7164ec739456aa562c4640483861b13311a4bb1cd22132de134500ff98b32fc17396f255a51a24984dd4f47242e3d5d3da91a3e6bd5b67060f658c09d2be1d7bc52211c7f003f599bf69f564e10acfc9cbce509af31141e75aeec3fac0a6d1785da310331af7c095b6325b559404ecc13899ac8f3c4379fb11ae5c941959f1bb530ca42255a1b74649a87ce034f5b12590b75844b9d47673e7caddec95ac5d7f349180aade36799fe3a01810f8a5830d90fe79d3c88c0b576f19a3d8c8cbdbabc0194be7dd3d68a5abc56212f3e45b72d0e2b069bec7da172f1af2da68fe82ee1a024a3595013235cd663da48d1138786cfbf86756b46b276bbbb241ab8424d3077d40606577e399a75ec79b4ed792f34c75b343e3bd83b3aa190716a31446d59f08a96960c2b921d617eac90bb8a56576b15c8aa646f2e0cd695f8407687c633e27a6a6eb4047d03d57fbba1df0eb935945a7052fa361ee19ff51ef72ee9a5fc6159c3f0970e7893aa3683b9d985c71d6fe596b59b1be31928c5798f7fe89e8831c5d9fa73b2709fa6a48d464142de4c49f8c9d124152824994665ec4fbce873269c91c25179fdca0066a5ea964d5f110f77dd9301e16fa893d2c6d4e985a5d70a6f86114d612b9c43422fdb6b564a5e89b59b7d385352eeca7dc47559117c5d500cbd729a83d198870d7cf1f50e262855bfdc4a2f2227f27a5eb3f90cb45d0443ddaafc8077cd2584f09fbe5cbb39912471ca94929ef20525bb7a3f5f116aefe5eae4ff6cf4b22ada784806a90a45215b03ff32e5e99d028c8c848d162a9ad597f9efa76b9a427dacdf701d944f7d3b08bcd1ca2ceeed2a473b4b314038a5cf845b93c5cdafa8d355a478a502422ac0382316e613b4fface3aa300eecd59d008c853fe857d4a0c0687fe997bcdd1637a27031afa0f41376f87731a938190f207d5667da008da11eb3ff8476993c499568203bc2d67fefaca64002b057add3395212a97d0f1b4cd2ce593c0723a5992f61c3535a48e", 0x1000}, {&(0x7f0000001240)="20c93b56a770b7b18dbdae598bcc7fd66888113c07b6a77c2d4584aba01c24e3665d6c7c7ccf17f40505dbfb1b91051f40b6e3e413d9d5cfbd10a23bd45eebebfb28d2c6c17774b35d2ff9e7b2cf9be6b56eaa875063e791afc76d17d0e77b3da081ec7fed7ebf", 0x67}, {&(0x7f00000012c0)="d4f560936737666c56590ada15a951e7f5afe1e010e28d0ea386fd18ff51f1ec3294866895306c0e038aa6f6d6d1ab899dfadf8da5a73c71eb9e97f9c2b4acec91311a5c2512b903afb99432cf826552fa44775e1776660b0602f7300f8a20cdef5b41df7f8f6b41900a7e15e937aedb962102f7f4103d2e6b3603f38baef2c20c2d15f1399e339f9ec362ecb331ef8c83488f234659847e8bbefb23dcaf54bbdd70cc98cc8eaff52d4f838b35563e2acff0ab0d15133cc74c0c0a8fe810454a6a9c4b7dbd2b4ec406d1526edf0e71de36fa11151a424cad047c3e71497bc81e25794e8d23", 0xe5}, {&(0x7f00000013c0)="de872a66600f0d14037f1ce0bb43c2fcc33b9e1539e75c86f11654ea70eb1570a03c614f031a522587c617dfba0d22a5fd219fdb1f528301b0fc2cb33860ec88f46f39972a466d9b355c84a7bbf1e80f04f4a155f53580fb7f6d46023b4d2bbcdc7b42ea0e72f3a01af0cbea85eeda01d51163418c4f215fc9b3e99f38e46d67e54bf9cbe19a573d6fbd491483f2431e559495da0e2ff1ea37701c8f2c4e58c77f8f58b0f60ddf6123477c0fbf7342348e6b1d32f47b85ee1101929b29ce581df9588f5f9d03b36eb6ecb204085301ca88afe075920abdbbcbd8cabcf9550b8430e0d0a4e56b140278d29b4548222b7aca80ae8504003809", 0xf8}, {&(0x7f00000014c0)="df4200d60c203fd5d16865b1fdc3b44b72f443e9494f85f8e218eeccbc6d8e4c9cb723cbd338cbf24692662ce132913379ced64981ec1d0c794309202d20a3571dfffac3068911fa75abdd63263c845b179f3488be4fb5e6ae4a88766782e82c1f8d70609397545888e6a4fcee125054c140dbce183bc9f9023f6f58c8967b833222eb5a305be0ec78eade36160faa94fa82c5f211ede263f81dd2878ad2f626df45f00147a8fc8a6babbab88ee5", 0xae}, {&(0x7f0000001580)="3668bf436517881a64a3f971933da4a2217977f1ee239eecb559ce7f32895faa118fd95e20f1899fe9bdd1a2caf8cc3193739592d506c4c9ad41e553dccdcfbecd368376ba34d35c53d72d212f8dc4d4e37bc2c93e2c6d61b6f38cbc523e4af538c77e61cb1b62b281bc218f6e904d1700a4391699d2112d3956189cac189c62aff4eb17e0435adb56d7b1977d7d0ef1a41c9b4f533f8cec87b4e7572732b972604ca8c883c88244f173fc899f8b117e38ad2d67457a1c47bd579c79e79fc9e763", 0xc1}], 0x6, &(0x7f0000001880)=ANY=[@ANYBLOB="d8000000000004001001000000040000ad554b6f559c18fc1c9194df8ead5b3e3f45915852fbbb0ccb6edfe6133b5ecc5b6e4de78027798d3f8b6dbce7569de1d02eff053c49517fa02cb538fb2b19390f62259bbfa801978c584414615e282a90fc7b4d0351652a3cd6b997331c28978e7ff7bfa919bd6a3a41fb4060130d4f24d791eb266ae1d2f89e2c1dc3f85dfc0d25fd030612e4ca6933395068ab9d844725b051355b5e61884fec5a14dd7b6164b8aadd3be19ebde5d974c390e400b95b7affb6342bd77c2094556b0138f712e47476d595b7bb791b00000000280000000000000001010000f0060000cf9765d0019a90edc0be967ed611fb723658c800000000003b810b2e23a6efc17cfcf89c245d7f38e1089bf6d6388d61175c053dbeb583e6cb5b39034b1b694d7066e92f941c6a6f52fd01e32c9c9d67d5c415b5f2efa5"], 0x100}, 0x4000) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7}) r8 = dup3(r6, r3, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x3}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r10, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r10) splice(r9, 0x0, r10, 0x0, 0x100000002, 0x0) ioctl$UI_SET_PHYS(r9, 0x4008556c, &(0x7f0000000040)='syz0\x00') [ 281.845324] CPU: 1 PID: 14572 Comm: syz-executor.3 Not tainted 4.14.184-syzkaller #0 [ 281.853246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.862690] Call Trace: [ 281.865289] dump_stack+0x1b2/0x283 [ 281.869197] should_fail.cold+0x10a/0x154 [ 281.873544] should_failslab+0xd6/0x130 [ 281.877790] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 281.882472] kvm_irqfd+0x9e/0x1790 [ 281.886059] ? __might_fault+0x177/0x1b0 [ 281.890132] kvm_vm_ioctl+0x2c3/0x1430 [ 281.894043] ? __lock_acquire+0x655/0x42a0 [ 281.898806] ? kvm_vcpu_release+0xa0/0xa0 [ 281.902990] ? trace_hardirqs_on+0x10/0x10 [ 281.907243] ? fsnotify+0x897/0x1110 [ 281.911932] ? __vfs_write+0xec/0x630 [ 281.915921] ? proc_tid_io_accounting+0x20/0x20 [ 281.920798] ? SyS_write+0x1b7/0x210 [ 281.924654] ? kvm_vcpu_release+0xa0/0xa0 [ 281.929458] do_vfs_ioctl+0x75a/0xfe0 [ 281.933405] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 281.939682] ? ioctl_preallocate+0x1a0/0x1a0 [ 281.944290] ? security_file_ioctl+0x76/0xb0 [ 281.949843] ? security_file_ioctl+0x83/0xb0 [ 281.956040] SyS_ioctl+0x7f/0xb0 [ 281.959504] ? do_vfs_ioctl+0xfe0/0xfe0 [ 281.963503] do_syscall_64+0x1d5/0x640 [ 281.968413] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 281.973826] RIP: 0033:0x45cb29 [ 281.977203] RSP: 002b:00007fef90e47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 281.985441] RAX: ffffffffffffffda RBX: 00000000004e8860 RCX: 000000000045cb29 [ 281.993252] RDX: 0000000020000080 RSI: 000000004020ae76 RDI: 0000000000000005 [ 282.000737] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 282.008107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 282.015365] R13: 00000000000003c8 R14: 00000000004c6811 R15: 00007fef90e486d4 [ 282.029029] CPU: 0 PID: 14580 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 282.037558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.047623] Call Trace: [ 282.050204] dump_stack+0x1b2/0x283 [ 282.053831] should_fail.cold+0x10a/0x154 [ 282.058712] should_failslab+0xd6/0x130 [ 282.062692] kmem_cache_alloc+0x28e/0x3c0 [ 282.067210] mmu_topup_memory_caches+0x83/0x300 [ 282.071972] ? kvm_vcpu_kick+0xef/0x1f0 [ 282.076085] kvm_mmu_load+0x1e/0xc90 [ 282.079806] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 282.086450] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 282.092303] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 282.097510] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 282.103349] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 282.108582] ? lock_acquire+0x170/0x3f0 [ 282.112840] ? lock_downgrade+0x6e0/0x6e0 [ 282.117257] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 282.121510] kvm_vcpu_ioctl+0x3df/0xc70 [ 282.125475] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 282.131898] ? trace_hardirqs_on+0x10/0x10 [ 282.136229] ? __fdget_pos+0xa6/0xc0 [ 282.139935] ? fsnotify+0x897/0x1110 [ 282.144222] ? __vfs_write+0xec/0x630 [ 282.148026] ? proc_tid_io_accounting+0x20/0x20 [ 282.152786] ? SyS_write+0x1b7/0x210 [ 282.156692] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 282.163093] do_vfs_ioctl+0x75a/0xfe0 [ 282.166980] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 282.172999] ? ioctl_preallocate+0x1a0/0x1a0 [ 282.178337] ? security_file_ioctl+0x76/0xb0 [ 282.182853] ? security_file_ioctl+0x83/0xb0 [ 282.187382] SyS_ioctl+0x7f/0xb0 [ 282.191129] ? do_vfs_ioctl+0xfe0/0xfe0 [ 282.195117] do_syscall_64+0x1d5/0x640 [ 282.199984] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 282.205575] RIP: 0033:0x45cb29 [ 282.209560] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 282.217826] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 282.225189] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 282.232448] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 282.239799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 00:31:50 executing program 3 (fault-call:7 fault-nth:1): r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 282.247472] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:50 executing program 2 (fault-call:10 fault-nth:18): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:51 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = eventfd(0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f00000001c0), 0x4) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f00000001c0), 0x4) r7 = dup3(r6, r0, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:31:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) ioctl$KVM_SET_TSS_ADDR(r8, 0xae47, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 282.396256] FAULT_INJECTION: forcing a failure. [ 282.396256] name failslab, interval 1, probability 0, space 0, times 0 [ 282.445140] CPU: 1 PID: 14650 Comm: syz-executor.3 Not tainted 4.14.184-syzkaller #0 [ 282.453996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.463704] Call Trace: [ 282.466475] dump_stack+0x1b2/0x283 [ 282.471394] should_fail.cold+0x10a/0x154 [ 282.475818] should_failslab+0xd6/0x130 [ 282.479811] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 282.484535] kvm_irqfd+0xefc/0x1790 [ 282.488186] kvm_vm_ioctl+0x2c3/0x1430 [ 282.492181] ? __lock_acquire+0x655/0x42a0 [ 282.493662] FAULT_INJECTION: forcing a failure. [ 282.493662] name failslab, interval 1, probability 0, space 0, times 0 [ 282.496418] ? kvm_vcpu_release+0xa0/0xa0 [ 282.496440] ? trace_hardirqs_on+0x10/0x10 [ 282.496452] ? fsnotify+0x897/0x1110 [ 282.496467] ? __vfs_write+0xec/0x630 [ 282.523965] ? proc_tid_io_accounting+0x20/0x20 [ 282.528730] ? SyS_write+0x1b7/0x210 [ 282.533297] ? kvm_vcpu_release+0xa0/0xa0 [ 282.537938] do_vfs_ioctl+0x75a/0xfe0 [ 282.541877] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 282.547595] ? ioctl_preallocate+0x1a0/0x1a0 [ 282.552044] ? security_file_ioctl+0x76/0xb0 [ 282.556675] ? security_file_ioctl+0x83/0xb0 [ 282.561092] SyS_ioctl+0x7f/0xb0 [ 282.564651] ? do_vfs_ioctl+0xfe0/0xfe0 [ 282.568731] do_syscall_64+0x1d5/0x640 [ 282.572729] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 282.578999] RIP: 0033:0x45cb29 [ 282.582591] RSP: 002b:00007fef90e47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 282.595104] RAX: ffffffffffffffda RBX: 00000000004e8860 RCX: 000000000045cb29 [ 282.602455] RDX: 0000000020000080 RSI: 000000004020ae76 RDI: 0000000000000005 [ 282.611364] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 282.619762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 282.627072] R13: 00000000000003c8 R14: 00000000004c6811 R15: 00007fef90e486d4 [ 282.634731] CPU: 0 PID: 14665 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 282.642932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.653766] Call Trace: [ 282.656503] dump_stack+0x1b2/0x283 [ 282.661805] should_fail.cold+0x10a/0x154 [ 282.666402] should_failslab+0xd6/0x130 [ 282.670478] kmem_cache_alloc+0x28e/0x3c0 [ 282.674746] mmu_topup_memory_caches+0x83/0x300 [ 282.680083] kvm_mmu_load+0x1e/0xc90 [ 282.684389] ? kvm_apic_accept_events+0x16f/0x3f0 [ 282.689347] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 282.694210] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 282.699450] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 282.705008] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 282.709897] ? lock_acquire+0x170/0x3f0 [ 282.713885] ? lock_downgrade+0x6e0/0x6e0 [ 282.718072] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 282.725180] kvm_vcpu_ioctl+0x3df/0xc70 [ 282.729169] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 282.735709] ? trace_hardirqs_on+0x10/0x10 [ 282.740996] ? __fdget_pos+0xa6/0xc0 [ 282.744722] ? fsnotify+0x897/0x1110 [ 282.748508] ? __vfs_write+0xec/0x630 [ 282.752435] ? proc_tid_io_accounting+0x20/0x20 [ 282.757088] ? SyS_write+0x1b7/0x210 [ 282.763580] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 282.769468] do_vfs_ioctl+0x75a/0xfe0 [ 282.773275] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 282.778978] ? ioctl_preallocate+0x1a0/0x1a0 [ 282.783384] ? security_file_ioctl+0x76/0xb0 [ 282.787777] ? security_file_ioctl+0x83/0xb0 [ 282.792167] SyS_ioctl+0x7f/0xb0 [ 282.795512] ? do_vfs_ioctl+0xfe0/0xfe0 [ 282.799513] do_syscall_64+0x1d5/0x640 [ 282.803392] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 282.808581] RIP: 0033:0x45cb29 [ 282.811759] RSP: 002b:00007fd83c153c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 282.819450] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 282.826720] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 282.833971] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 282.841220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 282.848483] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1546d4 00:31:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:53 executing program 3 (fault-call:7 fault-nth:2): r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:53 executing program 2 (fault-call:10 fault-nth:19): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:53 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10004, 0x0) 00:31:53 executing program 1: r0 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x100000002, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f0000000000)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) ioctl$LOOP_SET_STATUS64(r9, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffe01, 0x6, 0x0, 0x1, 0x1b, 0xd, "b6e31ccf53e6df23e086e78b0a0cbe2ed402c65402af7e6b30c9da3b6fa3b36efd41ec8b1455ece1ebc20f3036eaac5fab3401d4d8ebbe5c365eb68db8221120", "2517f4f028ccb891bac265ca3d1cbe3af0dd1adcd7e9c69b0e5ac9c7da7e5093b7733f5b9dd4f012942b09f03e9198a10e13253209cf60de85ba74868d40c8f3", "5f1d253d013c4339a461ecad69992e613dde3228ecad55776de60ed66a219f00", [0x7, 0x527]}) r10 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) 00:31:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) syz_emit_ethernet(0x68, &(0x7f0000000240)={@dev={[], 0x3a}, @link_local, @val={@void, {0x8100, 0x7, 0x1, 0x4}}, {@mpls_mc={0x8848, {[{0x7fff, 0x0, 0x1}, {0x7}, {0x1, 0x0, 0x1}], @llc={@snap={0xaa, 0x2, '\n', "198834", 0x17, "713b6590bcffabce9a6e457ffc58ffb30224b80b055c4ce27a1f40830b80a975a9a2d600e26be8c635375a65ac800100ded634ae658e6f08efb1acf6e0ff5a706e2f"}}}}}}, &(0x7f0000000040)={0x0, 0x2, [0xe1f, 0x27c, 0xd8e, 0xb1e]}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201) r4 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) r9 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x300, 0x0) write$vhci(r9, &(0x7f00000002c0)=@HCI_SCODATA_PKT={0x3, "5fa76456fc67b5834c99f28fcf2ccc8eaea9f04747fed7c3a0addbfc234c39c66bcf61ba8fed1c5f2ab3b6537981b2cc12771de62123b75caff106bed01ef5722f4c1cac2a6f7453cb1cfb91956b4af35c4160a585e40bdc5d8298847264917ea18411ad81d89abfe719c6ac3fdd7f4dada7a4c9215034983210a7d9aac6b8c790611f823ce37146936596aceb83912343060b84becbd51946c3db01"}, 0x9d) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r10 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) [ 284.796334] FAULT_INJECTION: forcing a failure. [ 284.796334] name failslab, interval 1, probability 0, space 0, times 0 [ 284.811693] CPU: 1 PID: 14720 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 284.819607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.828965] Call Trace: [ 284.831563] dump_stack+0x1b2/0x283 [ 284.835201] should_fail.cold+0x10a/0x154 [ 284.839356] should_failslab+0xd6/0x130 [ 284.843328] kmem_cache_alloc+0x28e/0x3c0 [ 284.847460] mmu_topup_memory_caches+0x83/0x300 [ 284.852117] ? kvm_vcpu_kick+0xef/0x1f0 [ 284.856145] kvm_mmu_load+0x1e/0xc90 [ 284.859987] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 284.865420] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 284.870331] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 284.875251] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 284.880071] ? lock_acquire+0x170/0x3f0 [ 284.884024] ? lock_downgrade+0x6e0/0x6e0 [ 284.888156] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 284.892281] kvm_vcpu_ioctl+0x3df/0xc70 [ 284.896368] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 284.902249] ? trace_hardirqs_on+0x10/0x10 [ 284.906902] ? __fdget_pos+0xa6/0xc0 [ 284.910605] ? fsnotify+0x897/0x1110 [ 284.914314] ? __vfs_write+0xec/0x630 [ 284.918112] ? proc_tid_io_accounting+0x20/0x20 [ 284.922771] ? SyS_write+0x1b7/0x210 [ 284.926557] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 284.932438] do_vfs_ioctl+0x75a/0xfe0 [ 284.936225] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 284.941845] ? ioctl_preallocate+0x1a0/0x1a0 [ 284.946266] ? security_file_ioctl+0x76/0xb0 [ 284.950655] ? security_file_ioctl+0x83/0xb0 [ 284.955050] SyS_ioctl+0x7f/0xb0 [ 284.958397] ? do_vfs_ioctl+0xfe0/0xfe0 [ 284.962368] do_syscall_64+0x1d5/0x640 [ 284.966244] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 284.971423] RIP: 0033:0x45cb29 [ 284.974623] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 284.982313] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 284.989563] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 284.996908] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 285.004184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 285.011561] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:53 executing program 2 (fault-call:10 fault-nth:20): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:53 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) eventfd(0x0) r5 = dup3(r4, r2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000002c0), 0x0, 0xa) close(r9) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f00000001c0)={0x1, 0x1}, 0x2) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r8, 0x28, 0x0, &(0x7f0000000140)=0x1, 0x8) 00:31:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f00000001c0), 0x4) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req={0xfffff34a, 0x1ff, 0x1ac3, 0x16}, 0x10) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) setfsuid(r7) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f00000002c0)={0xdf, 0x6, 0x0, {0x8, 0x4, 0xb6, 0x0, '][\\]+\xe0%:i\x968(L\xbadjQF\x90\xe6\x99\\\xeeo!\x18h\x82\xe8l\xefZa=e=\x80\xb7\x19T\xb2\x11SD\xa3)+4\xe3u\xa1\xd9\xf7\xc8\x03\xd9\xf1\xc2-\a\x16\"\xbe\xbf\xffv\x7f\xea\xdar\x9f)\x94!\x9a\xc8\x91\xcdQ\xd4\xe1\x96\xec\xcef}\xda\x98\n\xcb\xcd4\x19\x19(\x1e\xbe\x7f\xf0\x14C\xf4\x1279\x80\x92\xe2\xfe\xb2\x1cI\xb3\xe1\xa5&sh\xf2\xa9\x89\x06\xcf\x92?\xd4[\f\x9f\x1d\xcbJ\xcb\xaaq\x9dv\x87\xdd\xd0\xbb\xd6!\t?\xcfql\xa3\xf3?\xe5\x03\xc2\xf1$\xdc?\x15\x0fGO\xb1\xd1\xfd\"\xe8V\x9d\xa5\xd7d\xa0\xabP\xc0_0\xb2\x0f\xa7a'}}, 0xfffffff9) [ 285.235658] FAULT_INJECTION: forcing a failure. [ 285.235658] name failslab, interval 1, probability 0, space 0, times 0 [ 285.270890] CPU: 1 PID: 14777 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 285.278827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.288183] Call Trace: [ 285.290784] dump_stack+0x1b2/0x283 [ 285.294422] should_fail.cold+0x10a/0x154 [ 285.298576] should_failslab+0xd6/0x130 [ 285.302565] kmem_cache_alloc+0x28e/0x3c0 [ 285.306718] mmu_topup_memory_caches+0x83/0x300 [ 285.312692] ? kvm_vcpu_kick+0xef/0x1f0 [ 285.316672] kvm_mmu_load+0x1e/0xc90 [ 285.320390] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 285.325842] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 285.330782] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 285.335721] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 285.341185] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 285.346028] ? lock_acquire+0x170/0x3f0 [ 285.350011] ? lock_downgrade+0x6e0/0x6e0 [ 285.354172] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 285.358324] kvm_vcpu_ioctl+0x3df/0xc70 [ 285.362306] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 285.368199] ? trace_hardirqs_on+0x10/0x10 [ 285.372522] ? __fdget_pos+0xa6/0xc0 [ 285.376264] ? fsnotify+0x897/0x1110 [ 285.379978] ? __vfs_write+0xec/0x630 [ 285.383776] ? proc_tid_io_accounting+0x20/0x20 [ 285.388444] ? SyS_write+0x1b7/0x210 [ 285.392173] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 285.398085] do_vfs_ioctl+0x75a/0xfe0 [ 285.401905] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 285.407548] ? ioctl_preallocate+0x1a0/0x1a0 [ 285.411979] ? security_file_ioctl+0x76/0xb0 [ 285.416393] ? security_file_ioctl+0x83/0xb0 [ 285.420818] SyS_ioctl+0x7f/0xb0 [ 285.424188] ? do_vfs_ioctl+0xfe0/0xfe0 [ 285.428172] do_syscall_64+0x1d5/0x640 [ 285.436419] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 285.441613] RIP: 0033:0x45cb29 [ 285.444803] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 285.452516] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 285.459795] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 285.467187] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 285.474482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 00:31:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) dup3(r5, r3, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x3ed, 0xff}) 00:31:54 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x7, 0x0, 0xff, 0x7}, {0x19, 0x2, 0x4, 0x6}]}) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 285.481846] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:54 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10004, 0x0) 00:31:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10004, 0x0) 00:31:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f00000000c0)={0x2, 0x1, 0x4, 0x20, 0x10000, {}, {0x2, 0xc, 0x7, 0xfe, 0x40, 0x1f, "40a4092a"}, 0xe82, 0x2, @offset=0x80000001, 0x4, 0x0, r4}) socket$inet_tcp(0x2, 0x1, 0x0) r5 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0xbd) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r6, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000040)={r8, 0x0, 0x1000007}) 00:31:56 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r4, 0x4018ae51, &(0x7f0000000200)={0x1, 0x4, 0xfffffffffffffffc}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000100)="72fa9312741ee57ebbdd80d46aae00b00665bf3ac4d4fa385d0e23b7ecb0972c2b6ee4c6c10e0db99b98fe6ec3eee0e039d1b811b1bfc9c39d82bad9c34ceaa6130520f5de56475170d1ab2721c60c426c24bbf2ecb9933e4ffc788e8fe07e2c99f63774b0b0c071a108c92a7c4f789c771e0fbcc2694d8e25457ffe676c3c97ff155d0c1735ca48e219cd0207d7f94c8d44309f49ba71a63b01127b38a956b04b1b34ebc3fe00d33efa1a202a5400306f322d84177db1f075c9aa10b132ce0d1d2c32c3efa92a004391086ff53cc02c235bb94551f0685ea376591cff984c99e673ebfb35a5a201cb6e152e687b3de539e8599de155ad11a89538f2a99506", 0xff) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x80, 0x0) r6 = eventfd(0x0) socket$isdn(0x22, 0x3, 0x22) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f00000001c0), 0x4) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r8, 0x118, 0x1, &(0x7f00000001c0), 0x4) r9 = dup3(r8, r2, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) 00:31:56 executing program 2 (fault-call:10 fault-nth:21): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:56 executing program 3: splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000240)={0x8, @remote, 0x4e20, 0x0, 'sh\x00', 0x2, 0x8001, 0x42}, 0x2c) r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f00000001c0)) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r8, 0xc018620c, &(0x7f0000000200)) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480)=r9, 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000180)={r6, 0x10, &(0x7f0000000000)={&(0x7f0000000100)=""/110, 0x6e, r9}}, 0x10) 00:31:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10004, 0x0) [ 287.875349] FAULT_INJECTION: forcing a failure. [ 287.875349] name failslab, interval 1, probability 0, space 0, times 0 [ 287.934419] CPU: 0 PID: 14880 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 287.942345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.951718] Call Trace: [ 287.954315] dump_stack+0x1b2/0x283 [ 287.957980] should_fail.cold+0x10a/0x154 [ 287.962142] should_failslab+0xd6/0x130 [ 287.967166] kmem_cache_alloc+0x28e/0x3c0 [ 287.971325] mmu_topup_memory_caches+0x83/0x300 [ 287.976006] ? kvm_vcpu_kick+0xef/0x1f0 [ 287.979988] kvm_mmu_load+0x1e/0xc90 [ 287.983709] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 287.989172] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 287.994122] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 287.999065] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 288.005053] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 288.009906] ? lock_acquire+0x170/0x3f0 [ 288.013887] ? lock_downgrade+0x6e0/0x6e0 [ 288.018042] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 288.022194] kvm_vcpu_ioctl+0x3df/0xc70 [ 288.026177] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 288.032071] ? trace_hardirqs_on+0x10/0x10 [ 288.036408] ? __fdget_pos+0xa6/0xc0 [ 288.040127] ? fsnotify+0x897/0x1110 [ 288.043842] ? __vfs_write+0xec/0x630 [ 288.047644] ? proc_tid_io_accounting+0x20/0x20 [ 288.052324] ? SyS_write+0x1b7/0x210 [ 288.056050] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 288.061941] do_vfs_ioctl+0x75a/0xfe0 [ 288.065745] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 288.071374] ? ioctl_preallocate+0x1a0/0x1a0 [ 288.075800] ? security_file_ioctl+0x76/0xb0 [ 288.080300] ? security_file_ioctl+0x83/0xb0 [ 288.084711] SyS_ioctl+0x7f/0xb0 [ 288.088082] ? do_vfs_ioctl+0xfe0/0xfe0 [ 288.092065] do_syscall_64+0x1d5/0x640 [ 288.095962] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 288.101159] RIP: 0033:0x45cb29 [ 288.104354] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 288.112069] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 288.119345] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 288.126619] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 00:31:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) r8 = socket$inet_udplite(0x2, 0x2, 0x88) r9 = creat(&(0x7f0000000140)='./bus\x00', 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r9, 0xee01, r10) write$P9_RGETATTR(0xffffffffffffffff, &(0x7f00000000c0)={0xa0, 0x19, 0x2, {0x0, {0x10, 0x4, 0x8}, 0x1, r7, r10, 0xcb, 0x3, 0x10000, 0x2, 0xbc, 0x40, 0x2, 0x6, 0x100000001, 0x100000000, 0xb0d, 0x5, 0x3, 0x90, 0x800}}, 0xa0) r11 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r11}) r12 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f0000000080)={r11, 0x8001, 0x4, r11}) 00:31:56 executing program 1: r0 = eventfd(0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x40000, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) fanotify_mark(r1, 0x70, 0x8000018, r2, &(0x7f0000000100)='./file0\x00') r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) [ 288.133911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 288.141273] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:56 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) ioctl$TIOCCBRK(r2, 0x5428) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x4) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x20, r6, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_GET_KEY(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x78, r6, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY={0x34, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "7c1e485519"}, @NL80211_KEY_DEFAULT_TYPES={0x8, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_MODE={0x5}, @NL80211_KEY_DEFAULT_TYPES={0x8, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x24, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x48804) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, r6, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0x2}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x8c0) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r4, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0), 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, 0x0, 0x2, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x14, 0x18, {0x9e, @bearer=@udp='udp:syz2\x00'}}}, ["", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x8021) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000000)=0x20000000) 00:31:56 executing program 4: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10004, 0x0) 00:31:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000040)) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:31:59 executing program 2 (fault-call:10 fault-nth:22): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:31:59 executing program 4: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10004, 0x0) 00:31:59 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x3, 0x4, 0xa2}) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000100)={0xa20000, 0x71, 0x1, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x9b0901, 0x9, [], @p_u8=&(0x7f0000000040)=0x5}}) getsockopt$IP6T_SO_GET_REVISION_TARGET(r4, 0x29, 0x45, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e) r5 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9}) r10 = dup3(r8, r6, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x3}) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) 00:31:59 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f00000001c0), 0x4) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x101, 0x6, 0x18, 0x1}]}, 0x10) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:31:59 executing program 4: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10004, 0x0) 00:31:59 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f00000019c0)=@buf) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r3, 0xc0e85667, &(0x7f00000018c0)={0x180000000, 0x5, "4b825045219b0a592cb0f50c2eedbea51020cea273cf53ecf1b5f2c958faa1c9", 0xb, 0x0, 0xfffffffffffffff9, 0x621, 0x8, 0x9, 0x10000, 0xfff, [0x3f, 0x4, 0x0, 0x9]}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) sendmsg$tipc(r8, &(0x7f0000001880)={&(0x7f0000000000)=@id={0x1e, 0x3, 0x2, {0x4e23, 0x2}}, 0x10, &(0x7f0000001700)=[{&(0x7f0000000100)="f516ed80a3adf6599d2ded77b2c3b906727e235b644b68719052f256f96f5c22bffae6dbc90e6d6b1ba1cd86560f753f2186534167737f09c84f90e1e16b63284188a0210c7976357bd995be5923911cc4cec872bbb37ef4ac449a52addfe036030ff3", 0x63}, {&(0x7f0000000180)="caf08780b995ac3b3fcf4da4e9eb4bcf7d16a69b24c402782aa7d4738aaa9cd02aa43306cfbf6659ed778a0712679c40173491945a2f53", 0x37}, {&(0x7f00000001c0)="5e6a4d7a6a3115c3dd1ebff0eb937507fcb9b07e7a0e8d790efb83d01fd669eec616209e28388bbd2bc067a3443327d7967b8b1b7e03dc1abcd2f54fd57cc1429c943401b4f8d49ae9697dc211e5435c87d222242b9403f8f20524e6f9462726c747a73b3e2841f36a3d7b970e0fd7c7b23ac73d2b01cb3c7d68ec7c21d372297012de2a592ca4f7b8caf13195b3309aa43ebf387255843a4996878e6080047661a663354605ac9c40f3e9aacf4ae7661551cfd6617ae15e1ecf2b92c2a6549107f0c145d84834aa9ec5c4aca20a3b47b8589f40df6b8cd25a172ae4c446", 0xde}, {&(0x7f00000002c0)="0fa51df8e75e3b87783147a1f5f35438b7b0debbdd7fcee88b200e8f4513277789bdc308ad856ca3c097ab4e174dc9f71e40dc03fa88e6ca41b2e6136c8d5269cc37a785b19552fd76b7e939e6358d7d0377475e4844d907ef73860351020f99c3eae8a541f6580b27ec346835323fede0e0a533b85f5c5362f6b0239fa78c83a6494f3b58236d1a9bbe856890bad2c21f524bddb01e6a43d966be54b95cc14d19f7dcc60619ceb268395e4e559c86a8a510513a7dd66503b28b3112b5b17e34a53857332bc779611b0e8572b7c292eeeef3da45dfc32bba53774763fdaedc7d03d2728357d37e8c0c46de567cacc7102b4c269141bac5fd901cbd1cff2cfb419f33694f4dd6a774289d80f33985c75d2d510d9177f0278b185913b2051e35ddd9d8bd573112faa77d4a79312061d7f53ffc787787a132b03d13458b2e4d51d9ebcf7114cdeb0f6784d75f21523bdbf752b8827702c83bee223aba61648d0a0008ad131889ec77dfd7afdadff1c88d17ab2b8628bd7687ed655740d8be1490a93a5a4ad6497c3c7a1253e14498a6a3463325c35ec8d131689e6cdd5bd17e81e9e3bd7a84696e492aab7daaf27c91f23dd83476e0a321d6a0a8b70fda1097381bdda7c54a0e17c0ce80759c165512385056ca64eb3723b97f860107cc9ade8ada952a310286d22e6935ea86563ac560164540fd744f9450e6798868b2c8a61dd9ef56a5523538728feec2b1714c9ad03900d7a6bed387203dfbb6fe01f8b0e66dc06297123e13311a74c3295e996c3386acaf3a37389030c9d30f0c2086b268c7b785d4c1ab3140f775eab64fc77506a9782cafdca09f452792689ba5c72a15eb9d70b069d63e50b31f69dbaf55b9c6c2b1e669f19757d503ffe53e1ff3183f16d46f3434ae2919488511a55825870bafea165e455e2f477e2df8664dd2eb10707ddbaa75f31bcfa72088a6c3915efb84602a1cc3c84275399e3181fcf58b2ab627c1dab8d7fb2cfe8ddc1f450d4f8519fb82db7ea96a6a23c531993cbee295df9aa605bc0ea43e543d0c6a97876da1a92ce108e121f01608cff33f40b2fc12790e2106038d1d47b920d7d6bd4e4f4ec3ea409022289b3c251b20d46623cbce7672580bd2864de93b4b8028b6c48a9ed5609ba876d66acd8491bc26270c75e936591f33910bb71d3c10b26589cd4dc39313dd16157c712fd1133307b57cc2b7a5dde17bfcb347146ec4135bd42a8e87433caa01275afdc9680d331ce1cd8a96a09b6e3e9a0391ff534d79175f80ca0e7f124de6bbd5e1da575bca9cd3a57660f77e5b2a2b306e97cb558d1ab989ade263280052ac3d2e09f1e1dbe90a519c5f04327343a5b040224de8781172c482a3d6e2aeea982e5fe99155cdb4dd599ef8bf74465824fae6e57d76a67532e36128c8055d05cd8e400dddc11a683b1508568466a765714f6a1bc1857ae5bbd1a539ebae8402aa2464beef702fb2e755876a2c6aaf8b9e3ae96abc9bb73729785b1b2540d64342f53fcc6f3d534dc3954e643400919e2e4904d3026e171261ec6c8c2e77579382265c9e96c578652e2fea27b2e9b92f4c4eee001d93c5a4534f4cfbb77c84a04f83d3850f25c314538411fb47a6d3bd403a8b173e2c3791b54d01114350d5a6772b345bd3635a999d11e892c505e70f92ed16d84f41111a6349ac20d9232d38cbcb76952933f033e1e39f987fd3d86928ea8de2295bbd8a3fc3185e11eb9b65dafc854322332697048a0499784516e299c147a76ea2fa25da65654de2d6d28bb75442641376ddf3481df3d2a6a4afd2f8e95de72e6567def99a118db6ae836b2eb4c5a3b9f30676db47fb5c61ac893ddaa651624bcc9075bf36daa066ae452d3409a50c2fed34f4f50b0e3bb5cc469352e73494097ba7ead43036f891160973bf1f600ca3f6ae57c55dffe59b507e5a21a06d15be6e9c36b37e7dae12f379db58e88a131b3e672cc81e1ec36e108756269c6c0fd1904d79d9de23e75ce34e4a93aa080fa9fa525e9d2b36386a628367b12e49716b85c9e466ebd47ca5a21cfc8b031ce7ec8248c696250051fdbb9e2aeb13dfe55a3c8fc55e706ae2d529d500c425b4f6f05c779f57c95ab9f9802936686cfcd9919b4a8517cf9884acc52cd2b87a9c9e02383fcecb51c65ccc3e01fdbc26eb0ebaa190967cf5ff56fba6f65c1027f24fc9094f713096fa15c02af1281b6ed6138b3205793b5dead13e0f96216b398fe2b818806ece5e2f9a14ac0769281bef2282d56366d75734d74113d1142192f4115523e3e2ffdd86ba5f397b7ac22a3b22911edc69286b96ea942052287f865e5c85ee20838b3be9a918c17e1816415246aed37591a5243a43034553ca4b6668dc4c24dd110e274358e8ed817d94977e0b7ec00db34b09b865afc2f6068d0dcddf36e4eaf813511387665ed2694a7a043a7bb1279c16e321b8ce815cedadbf99ef0a1d51e349706bb288a8e7153a503df22227ed2dec59db9e09cf26a1619dc7cf3cec35e89700615e8993d5bfbfcf53ece01353a21877719f7ffa76ccc933bb1541abd4727a1b8e7e29d3101f479d0a1caa87938e3549f40b005b8fcc25a0b2f846b2c9090340f6621755f130e3b2e0fd85b33e5bd333ab1270e738bfbe6b8003985fc9ab83ca29da7bf1e5cafd7f7a2276bd02dd7d116a3c69e2a4a92e88cef5159894b7b024c8f7961d5d2cced1e8a9281563e0b966dc4f585eefb322bb4e8134e3c76a9db35ff0104ad8a5b180fa7157f40fb241451fd46ef160409cf4a321012c18d2114aef53b52e1c17a6fa228b4ed21a9e769100257ae03a2b51d58e2078e2def0bb34a68fc856d7828a1ace6b7f58972ac16d57c896d7f37ac04360e6ec75868b58239146008d36d7d0aa0e335505d09cd46c7d0600a68f60c2dcb73f6f29dae9c718c96f5b1e2462e0a8191552d17032e2e5fe63a8ffd4d445fc94fb792226eb588f02ee8b2a91f838217943939037e1d89cc4a3284428aaaa8051e336c4810aac9a90775072e5f4e5a9793aa429f645a182202480724df5f2f0ce432cc62e327377262b665b0abf18059b59271a11d0159bf607072d3fc8665eb3a1c2a984323ee900f1fc60c818ce12ddd05797499fc1d18aa003e15efa38a59250953bd70f8fc8007f0dea6c236bd8163540de96413ea835847308569c9d0457a8796e55a6da603b18e7f9f9506da31b3df3ed748314f678aad41c2023e8f2f61a8f5d69a65204c540b5175487123e4edea7fa28d19410884108f793c3e59d8a451840fde4ede7f3e465d30fdadac61632f197c6f1cde9d197f1b70cd22179972333a3b4baa24e98870c8f140f2583eeb622674f1345332d0cbeb1cbf39500f0b630c879cee239fa4e36fd03e879fd6c32f78a6799821e390f71c73fae28a0bfbbe6789b71612f014af891919593fc0c79cbc054647b68822786f6272f60cafde20cf12415100cfe0e5cf95d237b475c395400055766eafb71d8341f86844e1576302043cd69ebac0591e9ab5c79b2c8090d97195420fa046961b2949bab39cd2bced496476606a0cca1d035256d86ad80bedd4f0f0cb6af9377d7ac1b0cbb255020bb58113673e689f4adc2d1a4e3644e0e9f0fabeb72d934311658f07bb560500bbfcc3a1b84633d6f250f3abe0728d81832de7475ed0d6dc4a0fe60af69e78f15cf87812673789aedc83996ecefe4177bcace7627fa162e5eff0ad4528569db2ba8f2a836d6792e9af4899b9ea43445bb01654d3a6040fbf4c65ec5c4303cdb5bd1742fb24b8d952e962a1f5641b6118c56ab7e566093aa49cc65d79127f7869bf2acacf37e570e5218ee6051da0e917343d3fdb1d5af265285a308a3cd2a92fed60ab1f2f6624be3bd290430fd89b99f2765e4508a0f2d78dfdf9e4c48f6f4cf3cc98dcb46256bc46b71aca04793f546e0a5abe25c0da7f9e1999b8321286f29420f8ef80da7acf33ff07b2de98c7ce76a5b1ae2c114ea6a52a8fa773633f989e5ae9f73ebf1e71f9e3ac3c992eba02ea1000be25008d745c5c1ad3e16b0a2476dd9b9d4b006f466bdf16b04cba6db7d89529b779f1e4db60eec2289e30a7474e570217bed3acc46b2871c13a16410d5547987b8be1782252eb86e3829ea4c85b9e552352e44a6ce03a0398cdb632e7221c3411884e37f4c3a684b98ee64e9b541104dccefe79f3a5edb8b5a80de1aedeb05f1e0218a15bf1e0c836141903e5aec12b637ac23e524556d1d050fff211d66708dd02c06d413236b51a5efb970323b98c71451d408be0975739a59c1c1b523a045f54e6eac61ec9bd1769d299fe66bf5b5b7e16a6aa1570414e2df5b7c702f9a7578f37e7fe012c674ca435fbc9c2b37c4068ec7a6d416ae22ac3f3f4090a33ace9a78555299b339e5fc96beb975c4e96611821caaa87beb2f34ec966e80967de56f84437ecb13d9fd27291bc696d69a890e5e2812fa78df9106ed31191384905c9454226ce29ea303d273f16fd0a28e950b1cfc86a7356877766102027f642d5a40429b0847cd6450a2736a78fef9a3e9b5911ed14886d0543b7d05e0b484b83848e31d469f44332e10c35c09c3df933bc75a4f240a49b9aa2895874c3fbf394d1677a718ab821b314e42ea5bf3919522d85ec1346a3d42c2925b0146c6ddb9ef28a7fc1ed424e1069b92df5cb361d094c34d5cc1c4504decac852e9ce3ba68a78a6607bcef445fa7e20d7259527be18c6cdb3f623d0917f67153fcffe40210874e16bb3f86b4b4fb6aa3340e7d5a300515c0e31abe0a60da2d8f8c049a1a70ccc31f2a168b41166e515c5cc0b08f2576f3163037bebb8e07e7b3a50330f1f07d4a23489365a37356c739e6bbffc1240448863c410a1c616c95bd132011d1ae71e614f4424c69e2a68d2604496f581d010a473702c63939681c484ee70151941a88d3ded5df34a95a3746f17ac625a6332583af63f8266146cf74d4315e3d664cfadfdc7552c2b8f2d412e20d0525116f7b5a1e761c4cbba70cb1715c7cb6d2aea7bcdd0d6ed289dbb1f745b787d72b86df0f47377db0af3b8779adcc48b952b0b54d621cdfd0d4ae2e3dc38888f5709f53ae4c2b125c6265b6e12e8fc0c208b1b872af5386a95bbde62bc42e3a7dca24d9231e7a49fb274f542b64e9321d9f2553836c45075adcd777562f726f8fd027ad2e89cb6e8f56f94dacd8ccef4b059d6a7296104a8430584a4770422f67b6f70c11ca1ca914c52096077a775e3990be7c9dd8d5f443025e03537789e5fa38bff303be9cbd37991692249584e0ed3e8d854ec602159f366092380ee5bd9cdaa378b0e6d94ebec5af47695f05fe57813a8847ef91029b2933bac0e4a5d4edd27269f76583aabb3a2e54d6146171327f52b117636644809c5d1b77296f561f9f873fc58d25943f27c458b6d8f93c40107369fd56e67bb0debfffe38370acdcf5190a04726d65987bfc44b6890348c2438717fbc6f7ae2d8db0a7a13c222055e5e11079a61990c86ced19e8718a0bf46df2ccd642f39e2a02c2e23488184b02b16273b04531955447895ca6f3122dd8375a8eb4ea7810ce363806c0062b48d0d77178a9d5d41a627aa2ac464654443fef050dc85050d15e102fc3cb16f7d28e3fa57e60b797e0551e30ee8f5812a355c6fbdf1e1949ddd4a5ea72eee54514056331a4b58684bea4a61e13383c3fd7ae1925c7c1434c7dc1158de82e245fc6225bc9c0c489f9ae6408bff1cee1f576825eb9865d39b1ed8c61c855581f84b98f348a9ae8192a9f", 0x1000}, {&(0x7f00000012c0)="a66a5e2bc0ea3a285b1e9b6c5a3d995e0b4a309e1ee27336f718614e0ddcf7ae34d414e2ad1329eff8e77ac52f1d8b4f0f26c38e295a31bee23572e24469d59a6219feb9d9f3048c9ded8715ec19a41de55e9ff962377a4c02130dbfa34d65893c8f01d0d19db366b0d5cc2402690376c61f2f7c089d778a09dae0fdd57233ed19354fc6ee51828fe428fd5b7d751f61cd707581d10f64c8292b42994cf8ae645a28b5491572b49329eba5bff2bd2c95871d02c8a1737d7429", 0xb9}, {&(0x7f0000001380)="d934cdf3964bbbd59019a3cda33ac6d008effcf165837a6ba78ea5253791dded6042e2ac9563a6839856e1d767999a7e3db1c30b126957c6f0af4252bc45faf6e986a2f4eceadc0071f71cbad960eb2fc9d5de7bf1b4501cc79b8eb2d841f8e92b20ece1c86a4f2ff6a01dfb7de6aa63ea3710b16e1879e9cf808593e65e6a24806a4cdf26238834", 0x88}, {&(0x7f0000001440)="e3d5459bb663e1c7f1118b8854d8797a44522b131b5513defdd4be58db3972abe34958fa8870820d656cbf00adadc6b7be6b234332bc7d66482c4f23773f4b258f86cfd18e2a6323db8e5657701cd33292098b428d24e96338493ffb81753e01309f6b1ee1c44ebb9199e340004cc7d427436e1c3b133947883c7a302fa0d8ce0b2914e1f956106cd4b39d7604a5688b1c77780fe0328391a937acd8bfaa9693b2ed88e2ae4c7071a577ab5b", 0xac}, {&(0x7f0000001500)="fc5f371f317bd35be1b19b6a7bfb1cb7aa2170d68fd7cb8e7015e3d130f006d529c06f5fe4aad370f4f2b42df427cae1c055741c8d75ab41aed50fedc91652516addc007e058c7f2f6017f4f0df06c2d3a0cf0201058b1e232a23746a841c4f63347ccef703b344c9a6e5b70b6483f13a1d662ed986d59ef71e948055d77bdada8a2fbaaa607656730413a81a1aec0d6b5b0a5e6e8725048cd756fefde4cd1710907c4f8b216f8fffd85f48d0f31632060d08091a02ea7c8074897e8385db8ef8a0444ac2ac22f2ad8f7219ab4119dff2e85fd10921ea5", 0xd7}, {&(0x7f0000001600)="a86cf638cd1863d7e50911b66c", 0xd}, {&(0x7f0000001640)="0a0363645528f86f4474d48d5551e45e19ad2ea9cf0f5fbcde30212ea7fad5cccd2df570eac76b254addde2339fff168cf9d321d6f992bd48a595e680b998207609fa6c10aa9a3ccfb362fed99d06159762f999bb67006f7e7520aeeb78ded4339b570626d3329d2775b851e0a8afe086bd716fd9fae7ff651eb17f9de54d61e8d14461a39e0", 0x86}], 0xa, &(0x7f00000017c0)="1e391013c88b23ac8c7ee4cec67a185bd7c38e46d03a5497345318daa82688a50d913e76199f59b36b712f46699c0e100b68dd9c28f399f724a0f57e54df4d60af15f7c0f10f117de1e8aade64b3fb93acf64186c6db07efc472d063d2d45c3e359a453c8f44b7214861d755bd99a840424f9c0c5fdb5dcbe43683f2a7e9a7b7983c1990658cdc6273803888ba01fa8602f877b88a2d9d142ea3e8d03ffe27fc11e67d638b6fb00e2d4137bfefae936719f25d80872ee3", 0xb7, 0x20000000}, 0x20000014) [ 290.903933] FAULT_INJECTION: forcing a failure. [ 290.903933] name failslab, interval 1, probability 0, space 0, times 0 [ 290.974373] CPU: 1 PID: 15022 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 290.983253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 290.992874] Call Trace: [ 290.995566] dump_stack+0x1b2/0x283 [ 290.999780] should_fail.cold+0x10a/0x154 [ 291.004642] should_failslab+0xd6/0x130 [ 291.008719] kmem_cache_alloc+0x28e/0x3c0 [ 291.013189] mmu_topup_memory_caches+0x83/0x300 [ 291.018758] ? kvm_vcpu_kick+0xef/0x1f0 [ 291.022839] kvm_mmu_load+0x1e/0xc90 [ 291.026657] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 291.032328] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 291.037749] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 291.043006] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 291.048796] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 291.053740] ? lock_acquire+0x170/0x3f0 [ 291.057731] ? lock_downgrade+0x6e0/0x6e0 [ 291.062875] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 291.068517] kvm_vcpu_ioctl+0x3df/0xc70 [ 291.072602] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 291.078666] ? trace_hardirqs_on+0x10/0x10 [ 291.083271] ? __fdget_pos+0xa6/0xc0 [ 291.087163] ? fsnotify+0x897/0x1110 [ 291.090868] ? __vfs_write+0xec/0x630 [ 291.094733] ? proc_tid_io_accounting+0x20/0x20 [ 291.099772] ? SyS_write+0x1b7/0x210 [ 291.104087] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 291.110419] do_vfs_ioctl+0x75a/0xfe0 [ 291.116073] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 291.122050] ? ioctl_preallocate+0x1a0/0x1a0 [ 291.126786] ? security_file_ioctl+0x76/0xb0 [ 291.131221] ? security_file_ioctl+0x83/0xb0 [ 291.135772] SyS_ioctl+0x7f/0xb0 [ 291.139147] ? do_vfs_ioctl+0xfe0/0xfe0 [ 291.143139] do_syscall_64+0x1d5/0x640 [ 291.147314] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 291.153750] RIP: 0033:0x45cb29 [ 291.157057] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 291.166750] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 00:31:59 executing program 3: r0 = eventfd(0x6) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x140c, 0x1, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x2400c000) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_STREAMON(r9, 0x40045612, &(0x7f0000000000)=0x10001) [ 291.174239] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 291.181704] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 291.190491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 291.198932] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:31:59 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:31:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x420000, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000000c0)="9a379e7c12c71dd9818354f51a65fa26", 0x10) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) ioctl$KVM_GET_CLOCK(r9, 0x8030ae7c, &(0x7f0000000100)) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:31:59 executing program 1: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r1) splice(r0, 0x0, r1, 0x0, 0x100000002, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000000)={0x9051, 0x4000, 0xa2, 0x0, 0x7f, 0x6b, 0x8}, 0xc) r2 = eventfd(0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r2}) [ 293.547380] NOHZ: local_softirq_pending 08 00:32:02 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) ioctl$EVIOCGABS20(r6, 0x80184560, &(0x7f0000000100)=""/214) r7 = eventfd(0x0) r8 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) 00:32:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0xce) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x10040) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f00000001c0), 0x4) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r6, 0x8982, &(0x7f0000000040)={0x6, 'ip6tnl0\x00', {0x6}, 0x1008}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8) r9 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x101801, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-control\x00', 0x795783, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000280)={0xffffffffffffffff, 0x1ff, 0x41b, r9}) r10 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:32:02 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:02 executing program 2 (fault-call:10 fault-nth:23): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:02 executing program 1: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x200000, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ocfs2_control\x00', 0x6000, 0x0) ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f0000000000)={0x98, 0x1, &(0x7f0000000100)="448118c057b4e603625011ef354100e34755456ac7174653d8911fd74cd71c1889c65ff49aa7013fe559441df94b091c34c1cb28c3e7acd82cb8f90e68b195c575f1b1942ca11595368f4f278549d8ceedb235680ddc2dc612e6bec8b1f55153a9cb2f8f5ea6e918", {0x4, 0x5, 0x34325241, 0x0, 0x8, 0x8, 0x8, 0x2}}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f0000002480)=[{&(0x7f00000002c0)="1b0f60251f4152796b9fdd954c0a47980b96196b811b7854742edb08ff675af1277a9e45013f", 0x26}, {&(0x7f0000000300)="75926bcb874ba84fd5a8cbc87742fb3f1f601e34e74ee650e6591a860b3f9fc32458ad2ecea9b651fb1fedfd3180739c4aac4146c4f7969e4d15a5636e0bc09e13a84fb329fde3bce7b2348a520ea6205944e9bea4e28be479335b2b0ffaaede9dd451ae2fdd10848599036bc268bb41ac6446b76b34d3c32bbbec9e5ab26a02345cd661d74b298cef64b7bd41c752e335d6528915cc237f1aa7a29c0b85ad20754c6cac11aefaa0cf42a88cf6a6913ad50bd050ac34dd312fd52a6a18441075acc7229c6f8a4a5f9c5d78c136a77d43a562343a61c25ff9b85876cdd34c57bfbdf776ef0edd1c995c192d28f7f350586c088d6654e629f329e6053d33c75de9d4ee59da914600b17388fa59bc77d9abecfe83754dbcc916862637883248ab54124e0ada4cd399bd234bf854cdf32f07ccafb8e465c64d8d276924457e707864ab5dbcf2b3fa03cc5453baaf7899a776321abfec18baf0dae88ec95220c674fdca2ab493d42f823547d0937979e025df297600545ebfefea51872f9a6811cc461e0c5664397be63fa031913d2329cad2caef25c0d2963c0176b164942da132f78f48086bde1a46b51b698e8a3c56bdfde9e470e14244b796d877961caa64d456f131d17b3fde93610f5f88d5ede8b5238f0eca472135559188df9f1aa941c6a61ad24a6044b39242956eaf65b63de9ca8f845ed62ea2adc88e9894b41d0587de75eb423d1561000e42cdb088ae0911d2994a0756509191852cc2f0200a7a5c88a9dc9038265183fff60dab55f7e469a8480f09574873eea91d486b3aa7465ecfe561fcc32cfdd1e3a793ea40bed3e5a73fb45c234ca4217e6b9955f93b7b171c099de64638c009c683b35740951b06945de85f9be2ba80698e62569eb919a44938d7a5cffd1411ea0a3e85601bdcad16f35f521b5bcf1a34554594ff49e3c8dd7a1aa24ebdb65323b4ab3cb7a2d3c18c3c7907ac4d69ffc0e977949e85eb345ad23b92a0bf52c93c30dce3588466a681bb38e93daf13a1be1cfcfde28757eaea7f6570a2934bc145f5409de0e1fb24fc7c6c5c5f2c6732ace9370abbeb635d5e17fc30708429427c0a36248a5aaf3f5ce9453cef71f2932fe46c38c8ccbf7fbd99bce776e19af02de2a48326c888bd02eadd17f2fb854b3b576ddb7fa24fa326a0bfff1835650c4ac24b71632df79fcad773c750aa56f0fbc9add01d071bbcb995998eed694c56950665f211701526041b8c13330201d790ecba3c8a88417019e268c2ab6e7c78a3b587b72392e92070f9f0bc0a964ba239542e8404d193405873b05105165f9c6e8710f40d99f05afbf83a06bb09ae903cb27dfd5d7e17d18bb7f00ddcdcd09e47907cf00e7faaca5ed1d28ff05fae3c1bc45f774b6a51acc58d129c22b8955342f0ae3a210c512ab4daa4264239cf4c37f75ad4ca8214f3b44484d83a79721d4e1678c24712a861474288dd72b53cbf1bf3a152cfef2f06318ebbc07ccd0453a28f6c4125b082e20ecb630409ab372c790d81be2d688e2ed7d5343d5ba58dc7e0aa07d391bd8b1933aaff952ebae22d9be356ff8e68b4d614b61ab0ddb2aa6532c879357f2718ed55039cefde7ffad28257f786fd8ccd9dcfe1abc53a858501ce9d9810336ef2e9b928ecbf0b1e5d2595ec20c25e6af0b806d1f5b4e907682e49cc3f6e42d7b73a800dd0d39eaa37dd0807dd093088b10c6498de803f7c137413f00abd927985ac2f74168cf0975c3a2da9e71baa2723f4023676a28d05719946594abf92271868a025df2ef7f1d2caa98785ae8305d42fa4cf7cf3e3f88df301e33411779e43a12f2e4c3126a3783206c5aa16473246033383d5289cc57e78eff7d6fad73595b0c16a77f9708f6fc3709f8d4fc97c9b6c62743b0697546c7d21b9aa62a0288d8aab4431936ac3d83ab118b5c3bef51be9312fdb6f1a57fc5e38d207e15a3ea811bf5af20922cf45da499f0042023ea6d58711eb12d0797028b427db1e4e8549d088adf89dc0c0d0c1593b7917b28212198a782804f4702ba8e8e05d83ef5609bb8f7999465f3ff763f8f79d5d765e9370d0199bbd3deb00cde46efaef7a46aeb627f0ac12834153a361ce2c9446d3e99e8e9736c1fb6c0f00efb5610bad934893edf3f28138d8a8aaed75de4e91266871dc5077e544578e4152b97c92477360cf28ded638fc9289c9a57ee191908e6fcf58203b280ef742c0c383b6b996f1fda5d40613c6884b02993d4f6e226429e25b3ed4069ab105e3b1b41ed9af5b1ba65046069a7e3f67a0a4747b8e74e4b41c42cf2f1d6b0ddce027502adafcd56757632cb90d4e2556171752d924d7d08a44daa07a1b6ed62723e86ab6e125f38421b5a1eb15f4bd08a5e93635e60886dcb321a5bdeb54434d87b16b600f0bd53d9c45c4890d56bed69dc68b3fe0ececa42c1e72a92976f90aa52a2c722c1c848e4be9746c08793c38bd8324dcf4f77b48e47e97d3b5e69708422241f9de5f0338bda2c77b5641e05992a5ec1077c0759e4b4f65e3a8db88a107f1762de321254860e87eac23158f7c3596482fc3ac1af97fc468065f15b410069db9af3c740a163a9e436ead2bc06a317069aa9f60e1b9e6ffdb4aa9a1cbf9e449f3870e004a7d9282801d02fe8b84d08c3839cd5cb4304b4b1fc3fa7e77cc5aa287a98d051228554b701c61430f860ee7edfb41222f1c6a8be602e2aa13a3cf070f29d3fc0d663b064417738bfe45ea9487f705aaa28ef08329ddf1ad482a85c6a3e097863113675e66d75155171c8739c92024ce00f027cd759ff928aebb35d59893203a2a95b6ec7864b34c463ee5efca2cb42e5b2b64d2fa607fd9f3ac6071aa00fa427cc5186c2b907176a668ca9b5eba1191e21551481bef804bb20b017b854a9467167f5adbc8fe2a071b8004ffe8148a5a7fb8b93102196a610190491a04421e3ef3c9afa7b51518e25608b3686be5448248f4b4c9357a2fa898cf6b2125cbb54cf4294dd3f3cecce27a74a4d1bed2d5a026b2ee6ed2f70346561ac52246b5cb14cf1500732af5fcf71001950020693a1e9382f8ad6cab456f3a5246d26ba4b4d7142cc23e92fac86af5163d0c567d4b3826efc179da4bb12591e1f79eb360a761c649de378ac45c3014e9cff94232557c3b4d55368e83425e31f843d863a41df9355853548783ee1e7ec5d388afbd6af0c56e6f566693d389736a264fa5ab52a7b37de106bd10543ce1989697a79009801f30e7be2a17e5b4c32e1935fc6dc5e6ce7e5a16d128463e214fd28cba6636810c439ecc84f2742312c0ab307115310ee8caa12e9d0b93a799be136df6f9399986d747477b6bfcb0eb982af5614a4547bb06967c448cbc0f012b7457329d8b2beb3f78b2b79baa548381661bffa2f3fbe9879b6d1bf60d92c28bb00e510962e60d4fda6979890ab007179e4faf5cdd4534ce203c1c19d705d96cc2b07c0a059590fa2c9e893b9b9464d95f3094657e96b6b8724197dc493daa616e30d880bd5c911194fdfb8442d4fc6e8b56a3cf3768a49099c652efc752e440e031d3a4c64c169fe33a56692d01c24dcce2b183ba78570074b36eda1fd1cf5efeae47ab56f536a4000be4afbd9c67665f3a773e173a94868e4d957b6cfdd14b68e356203bc6d7f64cd0b5cb50f4fa57256b1fdba16016c32f1630383ebb61f7af755d26448d3a4d9d9c8e1ce48654f930be6ef03cb65e9f4473d7ece1a318b53488af72db275c0d4eb26cc4d76e1b02a6faa2c605a1aa451a41b1e1a3c6d587814f2f89fc72b4a2b89d8786570e230ba5b5506f4755afbdf78f7e926c60b8bb7f0935f3df2539e89756b64bc270d4448de87b3257f9bfdecd206c551d150808ab1e026a05a549a42745399a239f587083b4e5a3958d719184bff3f77c52d5926eacc0deedcaeb9d3e0672975e01a42b124bd5887bda79d8de75341ed42318ff5a2360fdbbe067187a4fff2000b0b3c7fdb20fee0c1c3e14db8acf40dfd2853660a26ccdbb5288eabd1dd1d8da9ef61424cc87731a711e2b4ad353a3eacfb9cedfd5288acc66ce851996aa04c2b22588475521afcef70a1b545bade259c61feb91d74f77705be6465d6f8abda1a5d132eb30f67559aaa5b72320dab203f9beed8f6160d84711e548119f332604b58681b7f3646098e53d56d156a81a2df1cc36799baf8a09ce2df70473fb7a4357f9e3b0e0547a3b9b2bd065dce2735bc49c499cbf86065d4239389084bc17aaa1976e23aac1f665ee2ce512423c462de62b097ed5be4789a3dc4bfafe48fda8836974e21e089d2322990bd95a204a9c386d67db8f56da1e0cd4a57767b0d0b238fc7730ef88de937199da5a112c495eaa1121f7d533cc4b9d2ed311d70f1215dc41118d0372a43660e322b0100c982abfdfd645f7714ebf30100165a03d81a5ac1c86b09158e302236743398871cad5921024368e0078a5049c0a27380a6b7fc12d7f25091666b205e27593f3eaf7ba72f03a164150313b31a0f288d9eb2ba6fe51e458ae3c01385ed5145f42d772e165ad36f71519a9eed233dbf35f738da181eafdf5e78beb41686d716adc60dc1d5c0d2d6c60532fa197a97982d1a1bae177c642433e868ca80788547942665fdd7f2818bd5333bd691a91e58399c8945450f2d0becf45059c3960d4db7991b55e613fe97e1712e8c35c0a30628fa6e2ba717dfb5056c1add3ddeaa2c5e4bccee5bb41a89633598e83dd16c02094ac4fe9b61a95d6dc78c859bc2fb39204ce8b64ea6fb0bd4de2606f21fd212823a86b99cfeaf2211b80ed293909ee769abf11a4bdab77a9108e14c46a3ce19238a9717a88590dd6467d0c94e3187795f679ea3d05f78e2292d6d1b93af09f9265cbc595b08714069eb46aa2595cebc5db7dd5fb60cc30b98139086807e3efab0a469a2406eef48b18c5e8a1f8ee8736a042cd54c16c7cd5445ffc4727aecae0f5990282ef8ef85d62d5adda474fcd9a5d83a5b49f6456a3a316ce9e8e5099f3ad686a156401e00b22b4cca3a770623c2cb4f68521876c6c6d5a4ed4c9306447d6f3d40d5844efcad2914d84ee2d6f0d450202a656ba19bad75d1ef00c167b2781fb676f7d2965535729bf7cb0c229035cdad93614bf996a9423026b36082ab2db02760fce5e51cec6ea0582082dd67c486d45a40737c58178f59ef9fede8056276a714aa135db6632ef22865d4496f3be81071c8baa50e30912c8aac3b62a4fa5088ec67f16849294360d329c5da1b09ffdf5847486cd0c77ec749ab35bc18b035d228218e77dc112653b2bcf4a1d771cd41c2c352b25838c906aec3d0315c0410cc18e81419285ebab1102299d42bdcbec53747229a53aae9410de7b39d7a686892aa30584bd05dfa54f2c73a2b0dccb1f4ad0c39bf8f625cba29ed68263c2afb95578701f7c54f7599bb7413b9b40a7b311311a85b04f1d0232e52d68af41ae00e4796d99fd5840630626786090be8de1d9e69896e6b8871592d90e9645c2cbf02f2928e47e68af9ac03bcc0ae4a3439061d74eb7dc68e1aead628d398f66222b27b62102871c4325c87ce4a0a46412f6502c8b49cc0ebfc073ff9c1d642b9f0d6abe3620802d5cd26c85da76482f1d316d78362fd3d274f5a52e2fbe85c4580b97c56f67a8e88d6415ada4a2d25b4a1401e02e8f908e502629a567b0dc55208d4ea58543016b0099254d05b5990c392b4ac6861063255bbd644bf2c930a789918104fc873043ee1836693a66ffb3235b848a6f363d3e3ee80d5610624dbb2265", 0x1000}, {&(0x7f0000001300)="b72611bb0d6c9b8d5eb903057d0e17e5ecf4c0b3f4a0c3650b1c90daa93500c013e31224cbdc7a34fa020dc453b484ddc33da16f0e01947712543d26f8f73de779a2096d53b83a4971d27176c27650b19450ecc2fd6e8a6c3152bb96189db91c3e82affa2e339c8ffd46d56824d17e713bbd5e7a6215d59260c826607a66cd56f09d23387f3d23c2c620c10578437f7dcf8b15515e3ea38e0428243294403cd787fd99bd7977ad5c053ace319daf9efc34e820de2b5e138c24f8f9c5bc5e", 0xbe}, {&(0x7f00000013c0)="f5c37d73ac86eafea4", 0x9}, {&(0x7f0000001400)="a9da4fd6260b7ec943e8042f043e14c7f2c9dd0ba2f85b68ef01a89379cfa47f15f68bca94a72f63", 0x28}, {&(0x7f0000002500)="fcf2021046de9c72edf84fa37913dda02dda6a8f3e927a7ce33ab3a125faa99ea31efb10c70c8f587771e06bc4f6c961a7c9e87c2e1ea82a654d92a735a958b40ca18896eef7b9089ac91c47be3b743727ee205d70c8bad8e06fc7d40ff28ebcac34822bcc3ae66f2de848455eb4afc60771fa6fa849b83fcc8e9fb12d1360053f3ef5d54d9d3f186e94fdc281888e36221e56073960ff633da92438cb584bba0888ecb234a26c64fb383aaf119a0aae72a76cb4936c8ff4b4f0de486bdc04e6eb6b5df95953d0a184512c46a7a743b430890bf015e9eaece218b583f17349a44f2943a742e6e0fbd00382ddeb4f1d5f4d5f226f824028f8b0dd16ed00971fbf2e58d1da3c44845d33b3210c4511578c97573d1711260c2c037b4876cd1f7b8e7d83fbf7dee317bd7d4f3b4cc772ff5e37af57265a8e929fbc9ccd9dd010e993914e5279fe321b305aa83caadd9fe4beb3bfc4e41b7967ef46d9070455154bd685e31086a2c18771fff12ad540aa7fec76b0390039e31fd264ee9c3ce5211abbe2974ca4a5a909cb23dfb36b8ea7485b074c024889d17b035510030cc31500a08a60454eff76487805461677f005a2bd8c7affaf28855300b5e8fa381d9c063b002e3e84524d88ce7664ea0d7b076c022dc1d481cbd8c40c5ee3cb8e5c7d3aa37d57e98556e33fda89055135c014350fc5102fbbebc164b086e554e11c8edd22877192b6b0be18b0f6499a9065aef324fafd896e8ada40b94654924d6a599d7c84911df976b43c1621c6f8bb2354097932175b23a1b932eee489cd048fb0772f6376c41f19236b9d42b5f8368dd1b97c0c61f3d18ff4bde6c502d89f5ec864e0b0b5d00ac3b7eb54e7967d811832b678b0ef724f181c3d6bacb2934fcfea49220b71c0010cc93c9744445a6033af82c285cb147ac34dd36f19b586e815e75b55fc90e3f14043da16cc7258c248374d288fabbeb516b94f29e8cd1a26697fc24ff10fa5cbe90ef581e9fd2d59edcd620dadfb9de7ce0a8d555c16161721db0cab402296211f0af033a05ca54d17eab35dc1d35f22e655467c83ad3d1c8d0ccf3e98b2c2645e572560e8c194667b263c50c9f32525223fb2cda0d491056c6a95df9057f7e3c25a7cc50b729b39f5ad0ece058f8133e360a11e2ed749e92f6cf858a375bf9d0a82b503f16666b954ad0fc48f85e6475f421b1b7a58a3f9cdad91e7d5de3b2f161452f199e60e1db0b654fb38eecce231cfe3efcf300c4aa093c133fcabe7513230dabbbae7fe5ac2cf4981d262981b8f9e69f93411e22a701c421410d84513acde7e2e1755606487f9a50e14c175fe6ba73320efd377add8930ed20b9f3161779e2b4e1a13a35bd0e96c38ff2b0fdfaf09e15970853a137b078945a5f99f4290d8d5b0341081a5be693714f8436b1ff39a0d4544a3696862178b3ebe06215e992fce4cc39a252e212fc95bb89761eaeab258da48e3f9b20281623d7f08787773ab0d28318be20c0dd86cc2a165d9c2bb8766daa8d700f7b62f518b25ee15d816223b2a24800c0afe647cbe68d331ab5f6e323ce84647834732d09735213c960578f2126515e908a8c1d28be55e4cc50a57cd98452b3379774e32d98c56e742966de505b5c8ec2f9ea90df34b57cf880b651ebe4488ec8e0b3affadf79682b23efa3babae2d4770fc2a994f7504a9d40769c54331eff4be2decda56c4e5cb38b557fb1ab76c558fe08e0cbfc27eee4a7db509d801ad6372461a0c77aac02c1ba8eca1269ecae66ec3fec90e10ba7462906447ee66bbf8968c1abf33a4db35ab62ceb0dab79c66b1a0af401ae97cbc3818e858b719ddc08fade37fba6b5d634bf9e03441d8763ce680658f10381cef478200006a3e47a203e81a84ade43787f8cdabba07374d2418e2698d135e8511fb2e5d9fbfd8629c9a16cda214702b38900284ce1afd7dadc3a98383998b5b475fd6b84593e6f71b55733da162e3dc410f20861cd90be0652827851c38690e89caa3388c14ddffb21b9c9701b1690af4d90ac0681025ab41403c1bfe8e32dddde2f45a16b6045226151d8e126e2db133c0e95a5a5f2a400da57481e7134491c7fd079946cb4bc3b6f523a2c2086aa9d0217a5770c3bf00082642909bdeda43dbbbb912e5d63780f5578a0612dae655cd20410f935f44c62080903229d4f41ad9a05395eea0ae2e4a3e44ae824bba1bde34d6443772cabc3990781a1c7ee57a3d1255db3aa4c7128ab7ee09aa350ad75e7f1f58b1357ac0ec616d1f2f7cf14f577a93dbf1ffaaa0b6862f6ea84b1a80e3aa2afcaa6259fd90becadf295bacd21522425b5f16fef72fb0450cc002a203d3ba0ae4e1771ec903282edf0042c7bc9efd968761c5b00cd81b58781042277ee6a0edde62b194e909b08018556a859ab554473dfc51576c2e89730cb234b06e74e35ae66c7ccbed5aced7ef19f7cd7a773e17b7f3a08b5eba84f3a75b74692cd35e6bed9ffc9338f3559e31950d5f3a32db879916b54cac8e1360413d93755cf51ab6f5bd94037ff0f281245587de902ad58a0653c44f39854d6c6a88edb9c0528ff84eb0a60c03be2bcd516d44caa9655be9e01c39202d2f7fab8491c73f1195e5fff601d86ead814db5b717baef7e3aefe4674717f07356787c2c53d45826fbba4843b5a99c115156366f8991c8d6b9fc9382b4c440198c3ea2499a94b80f1d0f02769d378d3adeb015d41df91e924a55bb0a4e20bec1ccec43b38de47a4fb46ca9508e9812d424ba85e68c6fc7387914fe8d9d3b1331841f7e232dc695bd2ab8d91658face0430d80cf6a63d8ff7cd4a9ca07a5373e643ce0c7952fdd30f8997c43390fe81f087e10a10dfc483f2f77796f7017cfb455490eca0e3fe1754133d9bf0a93b618eedcb2f5ed06f70533ee974ccabc2e62a940e80939283381250132fe5657d045ddef9cf537dcd7e81bd59293f1afc69c3f8e2cd8f59d8ee9acbe0b35aa3dc392853720f46636b0a1bcd4ff7e4cd385864040b53c792fe10bd9f7bfe77c78bde11f3e6aaa50048ee32c74e4f37e363d8e7509604b9bb43aca60a9040cbf47e8179aa0558bec87f0ff52272ea3c1b644a17f2ccb9bf0a27d07d116aad6d3fc9e0ab233a0c722f7e34d1c947479a503939c95b53292d32a6f0abe2a311a8f0f638a4ef4effa87ed998aadf6d13382c56f1feb475e5cdf8484163b2d82f7d17991c760f71ad0cbc1ab9720c1f1f26f9400a590ce05a1a5306426993e555f9a9966604f6d4a8410a6899cda95b7a984100a88f1760d7e19280dee53798d0e04877af41f96cfd9a8a5ffdaf5068ca2385f0dcbfe1d2a12ac8e7fa52df2846c83bad345d189613639db91220755279c910f089c83cb3b44cd9d8c7ff358345b579d1b849568530a94f708e3b922982513c16c4635e5f513392ba0840c1bf9d00ddf06696121de871fd85ed1202f4705d0415acb1f9558aea850891a5db2169ec148911cb64a884d17af9a60b6cf6d1f484303c37249f665f4688a4308b128bfd44ec4b8b1f92c3b2bffb7ca9a77625c56c3010c5e39198993d37e8b5bae2e4b070b991cfaec94902c617da8bb96de27e9dd65be96352243bf136696edfb570aebf0b142e1491c6e68a1a3ebc7e9172f334bcc7ea2475f8d5079f25c4858272d3920f04d86824567d1e2278ac30d3384a34bc5df20f06e550975e6f8747159c5b2106e164a0ebe380ee4bd9f1c97620484536f389ed0436f762b40e265e10422205717e76936b1285bc4a2c05e9a950f07760fc4c57d619c22d8883df4ec20ee8cf4074a35d2eb3cf01113bc69aebfeb7fd47b35f79e0ad414aec1fb8f2b64e143a3e3e0023099ced5590235ef5d30637246ded16d7b87016cf8bb745876b6d99806341301dcf4567a735ba6c7edb4a6f611cd39b22244b7ff66ba18739e8411a44edaabacb3c4f60194c2d0a28a51eff15bbd1839c678954299794ecf667da21477e817e236fc554b9250733b62750c1e8f8d570823dbef88c7ac5215f903962e96d61b639231d76afa04a053199ba9f29830db94d4df14fc660862a845f5050e450336d64bd12a16a50d07ba7673b959b2c60ed44fb06368731b56dd61e6fc9deab3bea5d9646415ffb82b782d8a88323ad0096d76b4da5069b2f639eb98a996727a1f6b85570a3222b37d34719e594d8abff5575fe587cb6fb631beee0b33a6532a5ccf68c444afb5d0c940b6b805e04c3067ab4d85675c61d8f58e23a898008dcb6439b0762bf875ec6496e09bca9af44c6a08f6f03d821b0757b2b1cdc2760c8b3e6b80a954904e37ea47ba9454530f19fa4105526d568abf1092c919133892687352b2039034ed0a201e3c85b5f5284b5a61e8acf0cdc5e569246422494ad3384f40246ef7df309236d988556a693f9334547d1bd5aae975504e7164a2b58bb53bc83974fb866a1eb3f9867ddee263f3996bf89f803d7d4bfaf301815faa1b05a747e0be29051c6ed34fe4911a486a5965f5f556c4ee085c00739f4ac3b93278668ba2de96cc87e476036d704be55c51ab1fc9ea5080191b27fe8e374079ab910a041597e47c790ed2d910f29f97059bb93d12d84a6ff09836aa54d8e85cf83399ae6c65d12c0f2227902322a01e004290d1ab4ca8f470b3e150c7df18cea23e723ce433e04e95c760f672ad4d96f14272cc7654ce035239c705acabd80846ef1c3adac427c668b0ae7dc33c8b5a0773d5eee9b37088f05152a6c5061dbc293b4d37564f1774197cad56e90b186b181cea6184dc5e6e995915d56d9a09b943db4fe819731d6a7dca27da906155fe62a3fef240ceb794ffb8ee2a67389256ca8be5d0685deb229df0775d681d9fdf37620ddb23d036f0b17e74dc438abfb11e85cd0837dcc1bee2b8af2a1f493d5bea1e1d3b6ac7dafcc4ea8ccbf8727e90f88327e6e0e400f59d20d5ae624781033fba6549c488f05787dfdc44b01d807a4ab431929176ee3a281c006434ed1b133d0191105336b63aef056c1338dcc922881fae2638b58edba7fde852ef111ca38ea795d2126bff5004d7765f01a653a0c15e01db90baf473d42b8a7dbdb29c2438ae9a59b03210999f6e4ec2166b3d19257bbd866505bbf67554f843329fa112089334442793c1327b613f6f14ab8124e646786b0ae97c9ca673a0d079c1fd08c33e1c453a86d9a8299e5cf0f3a399e866d5f6b0f5d103a49f2fd71aa02d3dbaa214edde7d691bb1080724db7fb158730776a2323a2bbf7782f8480d21bde3ef5442da3a140d87bb3442f7108eb1fec91115d646b0564e351b78e41339d754e28481ff208671218e318823e72fc1f19c08e6f25607ed9e0cc65b1fb0d5da55fad3b0ba36f96664e686289f9faef8965d8b939d43eeea034e2f6508d98384c22574233f78108935a7f6dffc769a3f8ac84488bbbb6a06d8785ee7a09741914d593c7a8b24a3db2ae50c1ad5ef56960f8467d25cf6bf916e2fcbc6fe71f4c6793d6bc65d58d31e0a3caa56a5b0225b5e53507ac0188817e25709ec67a21c623272676912fecfc8ecced66d894d7c41ca33e7df68e709624d3268c80c202d7f0da15c3cc4d0747669f3f5f1d6ac20bde956e5ff4c441d84dd352db55e0dd6881c608ff1e8370e888a48c0a8cda5973b6727caa43ae3bd3177f5755c1d9771d4b0516d0018170577fb4dfdf9a34b4bcc3e2f6e7a52577e61a3cf7eb8d58bf4cf9138fe16b216263ede4f7b4b27634b959b747090b8e203cb25579f2542aed8ec54707b98def81bc9e6c828b", 0x1000}, {&(0x7f0000002440)="bf215baa8ac1a106c117ec2c8cc7e5ebe2b32ca7", 0x14}], 0x7, 0x0) close(r5) bind$unix(0xffffffffffffffff, &(0x7f0000001440)=@file={0x1, './file0\x00'}, 0x6e) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = dup3(r2, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r7, 0x84, 0x6, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @broadcast}}}, &(0x7f0000000280)=0x84) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) [ 293.979097] FAULT_INJECTION: forcing a failure. [ 293.979097] name failslab, interval 1, probability 0, space 0, times 0 [ 293.990935] CPU: 0 PID: 15175 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 293.998928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.009593] Call Trace: [ 294.012556] dump_stack+0x1b2/0x283 [ 294.016246] should_fail.cold+0x10a/0x154 [ 294.020493] should_failslab+0xd6/0x130 [ 294.024571] kmem_cache_alloc+0x28e/0x3c0 00:32:02 executing program 1: r0 = eventfd(0x7fff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f00000001c0), 0x4) dup(r0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x8) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r3, 0xc0285629, &(0x7f0000000100)={0x0, 0x8, 0x3, [], &(0x7f0000000000)=0x7f}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = eventfd(0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f00000001c0), 0x4) r8 = dup3(r7, r5, 0x80000) ioctl$FS_IOC_SETVERSION(r8, 0x40087602, &(0x7f0000000900)=0x4) [ 294.028734] mmu_topup_memory_caches+0x83/0x300 [ 294.033951] ? kvm_vcpu_kick+0xef/0x1f0 [ 294.038123] kvm_mmu_load+0x1e/0xc90 [ 294.042030] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 294.047591] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 294.053410] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 294.058446] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 294.064049] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 294.069425] ? lock_acquire+0x170/0x3f0 [ 294.074466] ? lock_downgrade+0x6e0/0x6e0 [ 294.078893] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 294.083662] kvm_vcpu_ioctl+0x3df/0xc70 [ 294.087838] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 294.094084] ? trace_hardirqs_on+0x10/0x10 [ 294.099269] ? __fdget_pos+0xa6/0xc0 [ 294.103751] ? fsnotify+0x897/0x1110 [ 294.108001] ? __vfs_write+0xec/0x630 [ 294.112722] ? proc_tid_io_accounting+0x20/0x20 [ 294.118777] ? SyS_write+0x1b7/0x210 [ 294.123229] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 294.129133] do_vfs_ioctl+0x75a/0xfe0 [ 294.133504] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 294.140456] ? ioctl_preallocate+0x1a0/0x1a0 [ 294.144984] ? security_file_ioctl+0x76/0xb0 [ 294.150202] ? security_file_ioctl+0x83/0xb0 [ 294.154890] SyS_ioctl+0x7f/0xb0 [ 294.158743] ? do_vfs_ioctl+0xfe0/0xfe0 [ 294.163260] do_syscall_64+0x1d5/0x640 [ 294.168733] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 294.174151] RIP: 0033:0x45cb29 00:32:02 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r6, 0x84, 0x8, &(0x7f0000000080), &(0x7f0000000100)=0x4) r7 = eventfd(0x0) r8 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r7, 0x8, 0x3, r0}) [ 294.177455] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 294.185284] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 294.195194] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 294.202902] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 294.211077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 294.218965] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00') r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_GATEWAYS(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x1c, r5, 0x711, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r9, 0x118, 0x1, &(0x7f00000001c0), 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r5, 0x4, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r10}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x48090}, 0x0) r11 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r12 = eventfd(0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000000)={r12}) r13 = dup3(r11, r3, 0x0) ioctl$KVM_IRQFD(r13, 0x4020ae76, &(0x7f0000000080)={r12, 0x0, 0x3}) 00:32:02 executing program 2 (fault-call:10 fault-nth:24): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:03 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) dup3(r4, r2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2002, 0x0) sendto$rxrpc(r8, &(0x7f00000001c0)="8184e4ac07d1c81c84dde9cb3ed5873b724e3da418db00cd9546daa944818dff6b17e822862942b38e6fef6a13ed96c6886c16361d369cc6ba15fe4934f8c22ff777440b3a5c0bd634cf67e78dbae5662462d0d17712387cd83ba4c0462b53baecbafd99d5fe1ff438dcef1472ce3a4b488625ae947f18afcbd88ee4476db6496657c1f5052dd7b831cc3696320775e3ba884811acb5e0a656bbe663cd9051f9", 0xa0, 0x20000000, &(0x7f0000000140)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @rand_addr=0x64010101}}, 0x24) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) 00:32:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) ioctl$SG_GET_COMMAND_Q(r5, 0x2270, &(0x7f0000000040)) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r3, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) 00:32:03 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) r8 = socket$inet_udplite(0x2, 0x2, 0x88) r9 = creat(&(0x7f0000000100)='./file0\x00', 0x10) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r9, 0xee01, r10) chown(&(0x7f0000000000)='./file0\x00', r7, r10) r11 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 294.451349] FAULT_INJECTION: forcing a failure. [ 294.451349] name failslab, interval 1, probability 0, space 0, times 0 [ 294.483537] CPU: 0 PID: 15274 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 294.492684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.503119] Call Trace: [ 294.505718] dump_stack+0x1b2/0x283 [ 294.509385] should_fail.cold+0x10a/0x154 [ 294.514292] should_failslab+0xd6/0x130 [ 294.518391] kmem_cache_alloc+0x28e/0x3c0 [ 294.522749] mmu_topup_memory_caches+0x83/0x300 [ 294.527512] ? kvm_vcpu_kick+0xef/0x1f0 [ 294.531502] kvm_mmu_load+0x1e/0xc90 [ 294.536103] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 294.544270] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 294.550783] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 294.556095] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 294.561315] ? lock_acquire+0x170/0x3f0 [ 294.566602] ? lock_downgrade+0x6e0/0x6e0 [ 294.571235] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 294.575510] kvm_vcpu_ioctl+0x3df/0xc70 [ 294.580799] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 294.586903] ? trace_hardirqs_on+0x10/0x10 [ 294.591270] ? __fdget_pos+0xa6/0xc0 [ 294.595091] ? fsnotify+0x897/0x1110 [ 294.599344] ? __vfs_write+0xec/0x630 [ 294.603431] ? proc_tid_io_accounting+0x20/0x20 [ 294.608225] ? SyS_write+0x1b7/0x210 [ 294.611989] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 294.617879] do_vfs_ioctl+0x75a/0xfe0 [ 294.621679] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 294.627304] ? ioctl_preallocate+0x1a0/0x1a0 [ 294.633387] ? security_file_ioctl+0x76/0xb0 [ 294.639054] ? security_file_ioctl+0x83/0xb0 [ 294.644724] SyS_ioctl+0x7f/0xb0 00:32:03 executing program 3: r0 = eventfd(0x7fffb) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 294.648855] ? do_vfs_ioctl+0xfe0/0xfe0 [ 294.653120] do_syscall_64+0x1d5/0x640 [ 294.657383] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 294.663033] RIP: 0033:0x45cb29 [ 294.666310] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 294.674490] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 294.682655] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 294.690199] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 294.697769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 294.705399] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f00000001c0), 0x4) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="d0060000000000000a004e2300000003ff0200000000000000000000000000010100ffff00000000000000000000000000000000000000000000000067c3000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000a004e240000000600000000000000000000ffffac1e01010400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000485cf0828f09865f00"/272], 0x110) ioctl$FIOCLEX(r6, 0x5451) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r9}) r10 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x4000000, 0x3, r9}) sendto$l2tp(r2, &(0x7f00000000c0)="c064a76744b86aef50a0775ef6ad110abf82883e1116342db9fc3e3114fe05c6e98f38a8ac9745e8977e64a2550bc236f8e8faf8a69aa9bd389a43da7d35828c2ef8ffa362ecddefffd9fbe0c202d1fe069131d2caaecc7f31b8963fd823c036796b9ad06f2e31c8ebc26d9c5b68a717c3c77c73f75a2392776e060841f71604606dd1943f473ff3b90b9d88360f3012971c46035670e31244a9dd3315e88af97ce6e610540476123b24ad68193232fc77425b0f98f94b83fe2e5ace6e2d700343f109dd9e902d6a6ef69ad758ce222708efa98328", 0xd5, 0x44044845, &(0x7f0000000040)={0x2, 0x0, @broadcast, 0x3}, 0x10) 00:32:05 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) sendto$isdn(r6, &(0x7f0000000100)={0x2, 0x7e0, "ff7195dd1fa9496069e6d7420589a714b5a7c2c716a1b815e1b975b1be258221007e0fa9eec93e181fcbf74993f0bfca49cf767cb54adf6b387427473878bc86547363f211f729cbbe096f0d9b90d65b08149e8edbb3da3c8830c2e4fefa40a5532cfc0ba7a5b5a4d8d9a22701c141d815621d63f0cccbb524fb0580770a89aa09fe372b0bd58def9de0c8168c00119d3acaa9b68a453798e8307fd829e888dc25bf3cafb34b84"}, 0xaf, 0x2000c000, &(0x7f0000000000)={0x22, 0x2, 0x3f, 0xff, 0xf0}, 0x6) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:05 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:05 executing program 2 (fault-call:10 fault-nth:25): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:05 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x40, &(0x7f0000000140)=0x800, 0x4) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x300, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r2, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) [ 296.962665] FAULT_INJECTION: forcing a failure. [ 296.962665] name failslab, interval 1, probability 0, space 0, times 0 [ 296.992593] CPU: 0 PID: 15362 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 297.001333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.011301] Call Trace: [ 297.014376] dump_stack+0x1b2/0x283 [ 297.018025] should_fail.cold+0x10a/0x154 [ 297.022192] should_failslab+0xd6/0x130 [ 297.026613] kmem_cache_alloc+0x28e/0x3c0 [ 297.031303] mmu_topup_memory_caches+0x83/0x300 [ 297.036354] ? kvm_vcpu_kick+0xef/0x1f0 [ 297.040884] kvm_mmu_load+0x1e/0xc90 [ 297.044690] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 297.050124] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 297.056161] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 297.061174] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 297.066822] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 297.071689] ? lock_acquire+0x170/0x3f0 [ 297.075672] ? lock_downgrade+0x6e0/0x6e0 [ 297.080381] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 297.084610] kvm_vcpu_ioctl+0x3df/0xc70 [ 297.088954] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 297.094934] ? trace_hardirqs_on+0x10/0x10 [ 297.099414] ? __fdget_pos+0xa6/0xc0 [ 297.103459] ? fsnotify+0x897/0x1110 [ 297.107158] ? __vfs_write+0xec/0x630 [ 297.110945] ? proc_tid_io_accounting+0x20/0x20 [ 297.118392] ? SyS_write+0x1b7/0x210 [ 297.122106] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 297.127971] do_vfs_ioctl+0x75a/0xfe0 [ 297.131842] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 297.137462] ? ioctl_preallocate+0x1a0/0x1a0 [ 297.141992] ? security_file_ioctl+0x76/0xb0 [ 297.146383] ? security_file_ioctl+0x83/0xb0 [ 297.151062] SyS_ioctl+0x7f/0xb0 [ 297.154623] ? do_vfs_ioctl+0xfe0/0xfe0 [ 297.158857] do_syscall_64+0x1d5/0x640 [ 297.163524] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 297.168981] RIP: 0033:0x45cb29 [ 297.172238] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 297.180449] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 297.188245] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 297.195678] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 297.203281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 00:32:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control\x00', 0x4040, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r3, 0xc0405519, &(0x7f0000000100)={0x6, 0x1, 0x2, 0xec, 'syz1\x00', 0x99}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7}) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000040)) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x3}) [ 297.210844] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:05 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r8, 0x118, 0x1, &(0x7f00000001c0), 0x4) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000100)={0x0, 0xe8f4, 0x7, r8, 0x0, &(0x7f0000000000)={0xa10901, 0x800, [], @ptr=0x17}}) ioctl$RNDCLEARPOOL(r9, 0x5206, &(0x7f0000000140)=0xe53) r10 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:05 executing program 2 (fault-call:10 fault-nth:26): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:05 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x10000, 0x0) ioctl$USBDEVFS_DROP_PRIVILEGES(r2, 0x4004551e, &(0x7f0000000100)=0x7) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x185200, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) [ 297.412628] FAULT_INJECTION: forcing a failure. [ 297.412628] name failslab, interval 1, probability 0, space 0, times 0 [ 297.462796] CPU: 1 PID: 15428 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 297.472912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.484212] Call Trace: [ 297.487050] dump_stack+0x1b2/0x283 [ 297.492610] should_fail.cold+0x10a/0x154 [ 297.497035] should_failslab+0xd6/0x130 [ 297.501455] kmem_cache_alloc+0x28e/0x3c0 [ 297.506049] mmu_topup_memory_caches+0x83/0x300 [ 297.510975] ? kvm_vcpu_kick+0xef/0x1f0 [ 297.515044] kvm_mmu_load+0x1e/0xc90 [ 297.518768] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 297.524224] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 297.529168] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 297.534111] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 297.539578] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 297.544422] ? lock_acquire+0x170/0x3f0 [ 297.548491] ? lock_downgrade+0x6e0/0x6e0 [ 297.552676] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 297.556832] kvm_vcpu_ioctl+0x3df/0xc70 [ 297.560814] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 297.566709] ? trace_hardirqs_on+0x10/0x10 [ 297.570958] ? __fdget_pos+0xa6/0xc0 [ 297.574689] ? fsnotify+0x897/0x1110 [ 297.578405] ? __vfs_write+0xec/0x630 [ 297.582300] ? proc_tid_io_accounting+0x20/0x20 [ 297.586972] ? SyS_write+0x1b7/0x210 [ 297.590829] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 297.596830] do_vfs_ioctl+0x75a/0xfe0 [ 297.600640] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 297.606279] ? ioctl_preallocate+0x1a0/0x1a0 [ 297.610705] ? security_file_ioctl+0x76/0xb0 [ 297.615118] ? security_file_ioctl+0x83/0xb0 [ 297.619531] SyS_ioctl+0x7f/0xb0 [ 297.622905] ? do_vfs_ioctl+0xfe0/0xfe0 [ 297.626888] do_syscall_64+0x1d5/0x640 [ 297.630783] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 297.635974] RIP: 0033:0x45cb29 [ 297.639162] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 297.646880] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 297.654155] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 00:32:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f00000000c0)) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x4801, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r8, 0x401, 0x0, r2}) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) 00:32:06 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) r7 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) ioctl$VIDIOC_S_SELECTION(r7, 0xc040565f, &(0x7f0000000100)={0x2, 0x101, 0x1, {0x5, 0x7ff, 0xffffffc1, 0x40}}) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 297.661406] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 297.668664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 297.675933] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:08 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x840c0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:08 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:08 executing program 2 (fault-call:10 fault-nth:27): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000040)=0x101) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f00000001c0), 0x4) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, &(0x7f0000000240)) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f00000001c0), 0x4) r8 = dup3(r7, 0xffffffffffffffff, 0x80000) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:32:08 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0x0) r8 = add_key$fscrypt_provisioning(&(0x7f0000000140)='fscrypt-provisioning\x00', &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)={0x0, 0x0, "70cb16b1b658e1660c7b671e194467c4f816612386817816e310966c7d631b618e525326f6c87f33877473bd5250b89f57df0f76e1d246b4445fbc88b8c9479ef217c899fb3e39047000550d3466ab5f43daf2c4bb40e3e1f5471e50b4f5a3cac43248c94aa05f1bbdbe1b7d1cbe128fc08aa2ff0c40180017ef2db3135986f942a9d909d7832a86a0d78f4e74c7d73f70e1f1289028334dd3720f1c6b482432083ae2be9129004636e91203ea9a2b787124fa7940a50a55523570c28548b7ac748ea824"}, 0xcc, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000300)={{0x0, 0x0, @identifier="5a82569c4c907f2ee66b06f12c45e82f"}, 0x6c, r8, [], "34ccbb7b7d00d7ced6aa2a539695c32d0246fd90bde4050785be46d2365aaf76779d1177c48b9097534e4dd0f33b43c4d1ffd19ae65fe323a603d8e2b54fba84cd7da73752f5accd51ec91b07d75630069161cafaae051e905b64f869c332a8f6f3bb6a7838bd4613015890a"}) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r4, 0x9, 0x8, r6}) r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r10 = eventfd(0x0) r11 = dup3(r9, r2, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r10, 0x0, 0x2, r0}) [ 299.994483] FAULT_INJECTION: forcing a failure. [ 299.994483] name failslab, interval 1, probability 0, space 0, times 0 [ 300.010057] CPU: 1 PID: 15525 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 300.018061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.027592] Call Trace: [ 300.030197] dump_stack+0x1b2/0x283 [ 300.033925] should_fail.cold+0x10a/0x154 [ 300.038085] should_failslab+0xd6/0x130 [ 300.042064] kmem_cache_alloc+0x28e/0x3c0 [ 300.046220] mmu_topup_memory_caches+0x83/0x300 [ 300.051345] ? kvm_vcpu_kick+0xef/0x1f0 [ 300.055340] kvm_mmu_load+0x1e/0xc90 [ 300.059066] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 300.064536] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 300.069467] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 300.074384] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 300.079942] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 300.084781] ? lock_acquire+0x170/0x3f0 [ 300.088784] ? lock_downgrade+0x6e0/0x6e0 [ 300.092917] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 300.097044] kvm_vcpu_ioctl+0x3df/0xc70 [ 300.101108] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 300.106973] ? trace_hardirqs_on+0x10/0x10 [ 300.111186] ? __fdget_pos+0xa6/0xc0 [ 300.114893] ? fsnotify+0x897/0x1110 [ 300.118586] ? __vfs_write+0xec/0x630 [ 300.122420] ? proc_tid_io_accounting+0x20/0x20 [ 300.127067] ? SyS_write+0x1b7/0x210 [ 300.130764] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 300.137296] do_vfs_ioctl+0x75a/0xfe0 [ 300.141153] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 300.146764] ? ioctl_preallocate+0x1a0/0x1a0 [ 300.151160] ? security_file_ioctl+0x76/0xb0 [ 300.155550] ? security_file_ioctl+0x83/0xb0 [ 300.159966] SyS_ioctl+0x7f/0xb0 [ 300.163328] ? do_vfs_ioctl+0xfe0/0xfe0 [ 300.167291] do_syscall_64+0x1d5/0x640 [ 300.171168] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 300.176349] RIP: 0033:0x45cb29 [ 300.179516] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 300.187737] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 00:32:08 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x105000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) fanotify_mark(r6, 0x0, 0x0, r6, &(0x7f0000000000)='./file0\x00') pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f00000000c0)={0x1, 0x3, 0x10000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) [ 300.195179] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 300.202672] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 300.210566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 300.218023] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000180)=0x3) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x20640, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r5, 0x28, 0x2, &(0x7f0000000100)=0x524, 0x8) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r6}) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f00000001c0), 0x4) r8 = dup3(r4, r7, 0x0) r9 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x7fffffff, 0x484200) ioctl$RTC_AIE_ON(r9, 0x7001) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x24080, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:08 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, &(0x7f00000001c0), 0x4) fsetxattr(r3, &(0x7f0000000140)=@known='trusted.overlay.opaque\x00', &(0x7f00000001c0)='{#-\x00', 0x4, 0x1) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x1c9302, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) setpriority(0x2, r7, 0x3) r8 = dup3(r5, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r10, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r10) splice(r9, 0x0, r10, 0x0, 0x100000002, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x7fffffff) 00:32:08 executing program 2 (fault-call:10 fault-nth:28): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:09 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = eventfd(0x0) r4 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, &(0x7f0000000100)=0x10) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f00000001c0), 0x4) r7 = dup3(r4, r6, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) [ 300.441934] FAULT_INJECTION: forcing a failure. [ 300.441934] name failslab, interval 1, probability 0, space 0, times 0 [ 300.466101] CPU: 1 PID: 15592 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 300.475469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.486407] Call Trace: [ 300.489625] dump_stack+0x1b2/0x283 [ 300.493271] should_fail.cold+0x10a/0x154 [ 300.497525] should_failslab+0xd6/0x130 [ 300.501516] kmem_cache_alloc+0x28e/0x3c0 [ 300.505685] mmu_topup_memory_caches+0x83/0x300 [ 300.510369] ? kvm_vcpu_kick+0xef/0x1f0 [ 300.514446] kvm_mmu_load+0x1e/0xc90 [ 300.518174] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 300.523640] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 300.528584] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 300.533670] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 300.539146] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 300.544007] ? lock_acquire+0x170/0x3f0 [ 300.547990] ? lock_downgrade+0x6e0/0x6e0 [ 300.552153] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 300.556313] kvm_vcpu_ioctl+0x3df/0xc70 [ 300.560293] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 300.566285] ? trace_hardirqs_on+0x10/0x10 [ 300.570525] ? __fdget_pos+0xa6/0xc0 [ 300.574955] ? fsnotify+0x897/0x1110 [ 300.579100] ? __vfs_write+0xec/0x630 [ 300.582975] ? proc_tid_io_accounting+0x20/0x20 [ 300.587829] ? SyS_write+0x1b7/0x210 [ 300.591638] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 300.597622] do_vfs_ioctl+0x75a/0xfe0 [ 300.601410] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 300.607030] ? ioctl_preallocate+0x1a0/0x1a0 [ 300.611421] ? security_file_ioctl+0x76/0xb0 [ 300.616344] ? security_file_ioctl+0x83/0xb0 [ 300.620756] SyS_ioctl+0x7f/0xb0 [ 300.624125] ? do_vfs_ioctl+0xfe0/0xfe0 [ 300.628078] do_syscall_64+0x1d5/0x640 [ 300.631966] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 300.637138] RIP: 0033:0x45cb29 00:32:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f0000000040)={0x3, 0x0, 0xa78b}) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f00000000c0)={r6, 0x5, 0xe7d0, r6}) [ 300.640306] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 300.648014] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 300.655263] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 300.662511] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 300.669856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 300.677112] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:11 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:11 executing program 2 (fault-call:10 fault-nth:29): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:11 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x101000, 0x0) ioctl$UFFDIO_UNREGISTER(r7, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}) 00:32:11 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) ioctl(0xffffffffffffffff, 0x5, &(0x7f0000000100)="16a29e959c3060b840178f52996dc8c98700a3918b2435bd60a50f774ea24ff5e33d2637e3640ac90d39e6f2824824530ffc55a89625212bf291e5cd65ab85a201d657dbe36894d3a4cc0edae45cfa121628a331d173c56c2ac8d433d5323ae3343243a77d79f81fd2cffc2f94b97e49572b20c9290c581acff89d7ffa048355a3cbedbfcd1148062b57cde94a168052bd211090d7f247686984aefeeb6a6a21fa2e9621d9a7ff153c9a89803013e8fb4a43ef5e9ce6da1680eba5598c37b1c9c021eb2c457e55bb0e5adb190bf3535488714efefa9b16c7af78d45c166382d12c4688e5b144999518d234121a35081f6b7e4a0f1a4be96343335529") 00:32:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400280) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) r8 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvme-fabrics\x00', 0x2880, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x8, r7}) prctl$PR_SET_FP_MODE(0x2d, 0x0) 00:32:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 303.006929] FAULT_INJECTION: forcing a failure. [ 303.006929] name failslab, interval 1, probability 0, space 0, times 0 [ 303.030977] CPU: 1 PID: 15675 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 303.040179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.049539] Call Trace: [ 303.052144] dump_stack+0x1b2/0x283 [ 303.055789] should_fail.cold+0x10a/0x154 [ 303.059958] should_failslab+0xd6/0x130 [ 303.064680] kmem_cache_alloc+0x28e/0x3c0 [ 303.068846] mmu_topup_memory_caches+0x83/0x300 [ 303.073523] ? kvm_vcpu_kick+0xef/0x1f0 [ 303.077523] kvm_mmu_load+0x1e/0xc90 [ 303.081253] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 303.086726] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 303.091763] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 303.096705] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 303.102177] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 303.107029] ? lock_acquire+0x170/0x3f0 [ 303.111127] ? lock_downgrade+0x6e0/0x6e0 [ 303.115291] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 303.119537] kvm_vcpu_ioctl+0x3df/0xc70 [ 303.123523] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 303.129863] ? trace_hardirqs_on+0x10/0x10 [ 303.135251] ? __fdget_pos+0xa6/0xc0 [ 303.138974] ? fsnotify+0x897/0x1110 [ 303.142692] ? __vfs_write+0xec/0x630 [ 303.146502] ? proc_tid_io_accounting+0x20/0x20 [ 303.151193] ? SyS_write+0x1b7/0x210 00:32:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 303.154916] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 303.161241] do_vfs_ioctl+0x75a/0xfe0 [ 303.165053] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 303.170692] ? ioctl_preallocate+0x1a0/0x1a0 [ 303.175124] ? security_file_ioctl+0x76/0xb0 [ 303.179538] ? security_file_ioctl+0x83/0xb0 [ 303.184828] SyS_ioctl+0x7f/0xb0 [ 303.188203] ? do_vfs_ioctl+0xfe0/0xfe0 [ 303.192196] do_syscall_64+0x1d5/0x640 [ 303.196269] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 303.201458] RIP: 0033:0x45cb29 00:32:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 303.204647] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 303.212361] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 303.219635] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 303.228041] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 303.235403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 303.242673] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:11 executing program 2 (fault-call:10 fault-nth:30): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 303.361909] FAULT_INJECTION: forcing a failure. [ 303.361909] name failslab, interval 1, probability 0, space 0, times 0 [ 303.392141] CPU: 1 PID: 15746 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 303.400068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.411600] Call Trace: [ 303.414197] dump_stack+0x1b2/0x283 [ 303.417837] should_fail.cold+0x10a/0x154 [ 303.421993] should_failslab+0xd6/0x130 [ 303.426067] kmem_cache_alloc+0x28e/0x3c0 [ 303.430573] mmu_topup_memory_caches+0x83/0x300 [ 303.435279] ? kvm_vcpu_kick+0xef/0x1f0 [ 303.439281] kvm_mmu_load+0x1e/0xc90 [ 303.442999] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 303.448742] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 303.453678] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 303.458712] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 303.464257] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 303.469099] ? lock_acquire+0x170/0x3f0 [ 303.473081] ? lock_downgrade+0x6e0/0x6e0 [ 303.477238] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 303.481395] kvm_vcpu_ioctl+0x3df/0xc70 [ 303.485374] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 303.491263] ? trace_hardirqs_on+0x10/0x10 [ 303.495503] ? __fdget_pos+0xa6/0xc0 [ 303.499225] ? fsnotify+0x897/0x1110 [ 303.502959] ? __vfs_write+0xec/0x630 [ 303.506765] ? proc_tid_io_accounting+0x20/0x20 [ 303.511437] ? SyS_write+0x1b7/0x210 [ 303.515159] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 303.521403] do_vfs_ioctl+0x75a/0xfe0 [ 303.525211] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 303.530973] ? ioctl_preallocate+0x1a0/0x1a0 [ 303.535390] ? security_file_ioctl+0x76/0xb0 [ 303.539801] ? security_file_ioctl+0x83/0xb0 [ 303.544210] SyS_ioctl+0x7f/0xb0 [ 303.547571] ? do_vfs_ioctl+0xfe0/0xfe0 [ 303.551548] do_syscall_64+0x1d5/0x640 [ 303.555445] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 303.560636] RIP: 0033:0x45cb29 [ 303.563928] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 303.571702] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 303.578951] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 303.586199] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 303.593494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 303.600746] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:12 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:12 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r2, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) 00:32:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, r7, 0xf01, 0x0, 0x0, {0x4}}, 0xff92}}, 0x0) sendmsg$IPVS_CMD_GET_INFO(r5, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xc0, r7, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x2}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x400}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x8}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x81}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9d2f}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x8081) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd(0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r10}) r11 = dup3(r9, r3, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r10, 0x0, 0x3}) 00:32:12 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000000)={0x6, 0x5, 0xfffffa43, 0x8000, 0x1f}, 0x14) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x8000, 0x10800) fcntl$notify(r7, 0x402, 0x30) r8 = eventfd(0x0) r9 = dup3(r6, r2, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) 00:32:12 executing program 2 (fault-call:10 fault-nth:31): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 303.827991] FAULT_INJECTION: forcing a failure. [ 303.827991] name failslab, interval 1, probability 0, space 0, times 0 [ 303.862577] CPU: 1 PID: 15782 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 303.870526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.879899] Call Trace: [ 303.882511] dump_stack+0x1b2/0x283 [ 303.886162] should_fail.cold+0x10a/0x154 [ 303.890326] should_failslab+0xd6/0x130 [ 303.894314] kmem_cache_alloc+0x28e/0x3c0 [ 303.898494] mmu_topup_memory_caches+0x83/0x300 [ 303.903173] ? kvm_vcpu_kick+0xef/0x1f0 [ 303.907159] kvm_mmu_load+0x1e/0xc90 [ 303.910938] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 303.916395] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 303.925056] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 303.930324] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 303.935777] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 303.941214] ? lock_acquire+0x170/0x3f0 [ 303.945185] ? lock_downgrade+0x6e0/0x6e0 [ 303.949316] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 303.953440] kvm_vcpu_ioctl+0x3df/0xc70 [ 303.957456] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 303.963321] ? trace_hardirqs_on+0x10/0x10 [ 303.967533] ? __fdget_pos+0xa6/0xc0 [ 303.971224] ? fsnotify+0x897/0x1110 [ 303.974933] ? __vfs_write+0xec/0x630 [ 303.978715] ? proc_tid_io_accounting+0x20/0x20 [ 303.983364] ? SyS_write+0x1b7/0x210 [ 303.987076] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 303.992940] do_vfs_ioctl+0x75a/0xfe0 [ 303.996731] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 304.002416] ? ioctl_preallocate+0x1a0/0x1a0 [ 304.006879] ? security_file_ioctl+0x76/0xb0 [ 304.011270] ? security_file_ioctl+0x83/0xb0 [ 304.015658] SyS_ioctl+0x7f/0xb0 [ 304.019004] ? do_vfs_ioctl+0xfe0/0xfe0 [ 304.023000] do_syscall_64+0x1d5/0x640 [ 304.026956] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 304.032267] RIP: 0033:0x45cb29 [ 304.035435] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 304.043127] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 304.050378] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 304.057652] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 304.064941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 304.072192] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:12 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000000)={0xaa4, 0x6, 0x3}) 00:32:12 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x40000, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x4) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) 00:32:12 executing program 2 (fault-call:10 fault-nth:32): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:12 executing program 1: r0 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x100000002, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000740)={'ah\x00'}, &(0x7f0000000780)=0x1e) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = openat$mice(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/input/mice\x00', 0x10001) bind$x25(r4, &(0x7f0000000700)={0x9, @remote={[], 0x3}}, 0x12) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) syz_mount_image$nfs4(&(0x7f0000000000)='nfs4\x00', &(0x7f0000000100)='./file0\x00', 0x1000, 0x8, &(0x7f00000005c0)=[{&(0x7f0000000140)="1af97dfb0de7636a1aee9d254699618ac227714755df525bfbf8fd5435aa67c268dae807515c5d8e", 0x28, 0x1}, {&(0x7f0000000180)="ad6ffbd748cdff17b124bc117f4163d7c86ee97bccccf1c49ec2f8392ef9cae7c1ed9d518419e33e3a781d3de4d9cd7ea036a21662e76c900eb2cc72ed254107b416e820d70cfbdfa267a1024ad9a4ab1e0c6da6237e71f54dec2ef2173561b263d49b8d1cb9c66489761bfbeafcf8b0a48d300f8ecfb2cfebc1eab42a4ab5353c58534aaf21250688330b874c", 0x8d}, {&(0x7f0000000240)="a5fc75bbb890cb0ba1d8f2e3e0958b4ea427a9b24f7df477fe33b54d393589b92d9459544ae4dea8bb2b19119564c7c4f3c82ec14c54f06732342b69b3e1b5b35d1408", 0x43, 0x3}, {&(0x7f00000002c0)="d109988898b027aa08431588b245b77185ae62befd10f91220e9115694b535ee897e31a5b590cf4abd1cd5c24255f9da04b5884459ea5d8588320955738e0c3818a792dc27459632fad7cf86f259ac4a8ba23c1154", 0x55, 0x8}, {&(0x7f0000000340)="d39819eaf339d01694fddbeec933eb6d376ed959bdb8de8b67e76da217f72ab6e40cfb13fe6bd864d23cfe96579e60b57aa196608b052dc924e352fc378fd7c8e0463219df800fa4c6b73d5c2e76008390abe8af24395f14fec04b862bf758cc8cc6506490591aa70a0280965f08fca29b45", 0x72, 0x4}, {&(0x7f00000003c0)="2cf7c79d8ad11f15074f519530d6302cd39f84b70a6911bb02bbff55ad5394f0ac85bbed6b211f8ec404cfee7c815d740ad7ca790d2c465b4c830bdf1a6f074f48f80d420f8b706c1ed27193dcae0f21923a0f0c5dbbf30f21c0db7efff2e2a74802322c2b69a66a9c021347dd246de308bb2a45fe93fcd5e304345311248ee90fa9014de974f5cc8bbb360cb2138467330aa2739eab59a87e00dc53ce21d868f05a6a3cedd50d7c2f0213e76b27da62afb46db9c81be7c7634e5eebc6dac2e09f08ef5a", 0xc4, 0x1}, {&(0x7f00000004c0)="484df3cb1ba9fd353a7108f406c41f009780b7b1ba289faaec3d28ccf67ed12ab7d94f4735d5cd4665ce5ff9cfd79ff510af66884d2d81f28badf52b95b37b9164613d4fcae1e5be2b2600ed1bff04470239bd0740bba25253a2cc54c5e64d7034", 0x61, 0x8001}, {&(0x7f0000000540)="9e2ca7db06b6f4d8881ba119074c85329df851fd2475eec0b0fb56f470a2c0918d80e76b5187becd1137c94e2793645642999ccb4cdaed1464b9a69a1130f4797f5a0e9cd02d7cfbbeda20401dc38c239db5e56139d53deb99bd3e11b9b1446271273a83fc41e56e70119460452a8b84f43f0fde6c8a", 0x76, 0x8}], 0x0, &(0x7f0000000680)='*$\x00') 00:32:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x4000, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) ioctl$GIO_CMAP(r8, 0x4b70, &(0x7f0000000100)) r9 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) [ 304.290643] FAULT_INJECTION: forcing a failure. [ 304.290643] name failslab, interval 1, probability 0, space 0, times 0 [ 304.312663] CPU: 0 PID: 15848 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 304.320585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.329973] Call Trace: [ 304.332579] dump_stack+0x1b2/0x283 [ 304.336220] should_fail.cold+0x10a/0x154 [ 304.340384] should_failslab+0xd6/0x130 [ 304.344367] kmem_cache_alloc+0x28e/0x3c0 [ 304.348528] mmu_topup_memory_caches+0x83/0x300 [ 304.353203] ? kvm_vcpu_kick+0xef/0x1f0 [ 304.357184] kvm_mmu_load+0x1e/0xc90 [ 304.360902] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 304.366358] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 304.371302] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 304.376239] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 304.381712] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 304.386568] ? lock_acquire+0x170/0x3f0 [ 304.390549] ? lock_downgrade+0x6e0/0x6e0 [ 304.394899] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 304.399662] kvm_vcpu_ioctl+0x3df/0xc70 [ 304.403647] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 304.409538] ? trace_hardirqs_on+0x10/0x10 [ 304.413779] ? __fdget_pos+0xa6/0xc0 [ 304.417504] ? fsnotify+0x897/0x1110 [ 304.421236] ? __vfs_write+0xec/0x630 [ 304.425046] ? proc_tid_io_accounting+0x20/0x20 [ 304.429714] ? SyS_write+0x1b7/0x210 [ 304.433434] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 304.439322] do_vfs_ioctl+0x75a/0xfe0 [ 304.443131] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 304.448766] ? ioctl_preallocate+0x1a0/0x1a0 [ 304.453192] ? security_file_ioctl+0x76/0xb0 [ 304.457895] ? security_file_ioctl+0x83/0xb0 [ 304.462311] SyS_ioctl+0x7f/0xb0 [ 304.465678] ? do_vfs_ioctl+0xfe0/0xfe0 [ 304.469656] do_syscall_64+0x1d5/0x640 [ 304.473552] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 304.478740] RIP: 0033:0x45cb29 [ 304.481927] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 304.489636] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 304.496909] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 304.504183] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 304.511538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 304.518912] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 [ 304.546746] print_req_error: I/O error, dev loop1, sector 0 00:32:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:14 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)={&(0x7f0000000000)='./file0\x00', 0x0, 0x30}, 0x10) 00:32:14 executing program 5: splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000280)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6, 0x0, 0x3}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r7, 0x12, 0x3, &(0x7f0000000240)=0x40, 0x4) r9 = dup3(r5, r3, 0x0) r10 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x4, 0x20200) ioctl$KDGKBDIACR(r10, 0x4b4a, &(0x7f00000000c0)=""/194) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:14 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) dup3(r3, r1, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000140)={r4, 0x0, 0x8, r6}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r10, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r10) splice(r9, 0x0, r10, 0x0, 0x100000002, 0x0) ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x6}) 00:32:14 executing program 2 (fault-call:10 fault-nth:33): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:14 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 306.422840] FAULT_INJECTION: forcing a failure. [ 306.422840] name failslab, interval 1, probability 0, space 0, times 0 [ 306.449985] CPU: 0 PID: 15914 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 306.457925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.467284] Call Trace: [ 306.469888] dump_stack+0x1b2/0x283 [ 306.473527] should_fail.cold+0x10a/0x154 [ 306.477686] should_failslab+0xd6/0x130 [ 306.481924] kmem_cache_alloc+0x28e/0x3c0 [ 306.486081] mmu_topup_memory_caches+0x83/0x300 [ 306.491712] ? kvm_vcpu_kick+0xef/0x1f0 [ 306.496131] kvm_mmu_load+0x1e/0xc90 [ 306.499855] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 306.505574] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 306.510521] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 306.515463] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 306.520927] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 306.525773] ? lock_acquire+0x170/0x3f0 [ 306.529856] ? lock_downgrade+0x6e0/0x6e0 [ 306.534205] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 306.538894] kvm_vcpu_ioctl+0x3df/0xc70 [ 306.543054] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 306.549043] ? trace_hardirqs_on+0x10/0x10 [ 306.553465] ? __fdget_pos+0xa6/0xc0 [ 306.557322] ? fsnotify+0x897/0x1110 [ 306.562051] ? __vfs_write+0xec/0x630 [ 306.565865] ? proc_tid_io_accounting+0x20/0x20 [ 306.570552] ? SyS_write+0x1b7/0x210 [ 306.574278] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 306.580171] do_vfs_ioctl+0x75a/0xfe0 [ 306.584245] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 306.589883] ? ioctl_preallocate+0x1a0/0x1a0 [ 306.594387] ? security_file_ioctl+0x76/0xb0 [ 306.598803] ? security_file_ioctl+0x83/0xb0 [ 306.603306] SyS_ioctl+0x7f/0xb0 [ 306.606774] ? do_vfs_ioctl+0xfe0/0xfe0 [ 306.610765] do_syscall_64+0x1d5/0x640 [ 306.615026] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 306.620226] RIP: 0033:0x45cb29 00:32:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x101, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000140)={0x1, 'veth1_to_batadv\x00', 0x3}, 0x18) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) read$usbmon(r4, &(0x7f0000000040)=""/37, 0x25) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r3, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) 00:32:15 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = eventfd(0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f00000001c0), 0x4) ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, &(0x7f0000000100)={'vlan0\x00', {0x2, 0x4e21, @remote}}) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000000e14000228bd7000fffffffffffffffd0100000008003c000100000008003c000500000008003c00040000000800030004000000b0ea5d3882353364a3a1c76af3354efe78efda52edc481352077e53700d8548cdd7d627e32a6aeeb15db4ad7f4c92819e3d00cf83bf38b79820023ba63450fe5b998de6a6425e1001716435fc096156775973484dadb9b7e009da765b4909d891e1da5204a56f6db7253bac5aee28bf81fceb4bd43c7510000000000007fffb11baf70907041d754da4dbfe627af0bce52d899e18a9a9b81d67264af35519b126616a90191ee39a606afe3c9a46efedab1000000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x880) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r7 = accept4(0xffffffffffffffff, &(0x7f0000000200)=@sco={0x1f, @none}, &(0x7f0000000280)=0x80, 0x80800) getpeername$tipc(r7, &(0x7f00000002c0)=@id, &(0x7f0000000400)=0x10) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f0000000440)=0x5, 0x4) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r8, 0x118, 0x1, &(0x7f00000001c0), 0x4) r9 = dup3(r1, r8, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:32:15 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x0, 0x0) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f0000000040)=""/247, 0xffffff50}], 0x1000000000000005, &(0x7f0000000180)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) mq_notify(r3, &(0x7f0000000140)={0x0, 0x24, 0x2, @tid=r4}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x200, 0x0) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x404280, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) connect$phonet_pipe(r6, &(0x7f0000000000)={0x23, 0x0, 0x7, 0x7}, 0x10) r8 = dup3(r6, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) [ 306.623448] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 306.631170] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 306.638469] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 306.645919] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 306.653718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 306.661028] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:15 executing program 2 (fault-call:10 fault-nth:34): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:15 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f00000001c0), 0x4) dup(r7) 00:32:15 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) r4 = syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x0, 0x406200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7fff}, @in6={0xa, 0x4e22, 0x4, @local, 0x3f}, @in6={0xa, 0x4e24, 0x5, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x8, @private1, 0x7}], 0x70) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) [ 306.796891] FAULT_INJECTION: forcing a failure. [ 306.796891] name failslab, interval 1, probability 0, space 0, times 0 [ 306.819251] CPU: 0 PID: 16000 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 306.827178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.836535] Call Trace: [ 306.839164] dump_stack+0x1b2/0x283 [ 306.842798] should_fail.cold+0x10a/0x154 [ 306.846979] should_failslab+0xd6/0x130 [ 306.851046] kmem_cache_alloc+0x28e/0x3c0 [ 306.855206] mmu_topup_memory_caches+0x83/0x300 [ 306.859884] ? kvm_vcpu_kick+0xef/0x1f0 [ 306.863863] kvm_mmu_load+0x1e/0xc90 [ 306.867575] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 306.873024] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 306.877962] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 306.882897] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 306.888352] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 306.893192] ? lock_acquire+0x170/0x3f0 [ 306.897170] ? lock_downgrade+0x6e0/0x6e0 [ 306.901328] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 306.905504] kvm_vcpu_ioctl+0x3df/0xc70 [ 306.909482] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 306.915368] ? trace_hardirqs_on+0x10/0x10 [ 306.919605] ? __fdget_pos+0xa6/0xc0 [ 306.923323] ? fsnotify+0x897/0x1110 [ 306.927209] ? __vfs_write+0xec/0x630 [ 306.931018] ? proc_tid_io_accounting+0x20/0x20 [ 306.935900] ? SyS_write+0x1b7/0x210 [ 306.939630] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 306.946097] do_vfs_ioctl+0x75a/0xfe0 [ 306.949943] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 306.955582] ? ioctl_preallocate+0x1a0/0x1a0 [ 306.960023] ? security_file_ioctl+0x76/0xb0 [ 306.964709] ? security_file_ioctl+0x83/0xb0 [ 306.969216] SyS_ioctl+0x7f/0xb0 [ 306.972599] ? do_vfs_ioctl+0xfe0/0xfe0 [ 306.977180] do_syscall_64+0x1d5/0x640 [ 306.981540] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 306.988312] RIP: 0033:0x45cb29 [ 306.991510] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 306.999323] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 307.007402] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 307.014764] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 307.022043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 307.029318] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:17 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:17 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = eventfd(0x0) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) r6 = dup3(r5, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:32:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, &(0x7f00000001c0), 0x4) bind$nfc_llcp(r3, &(0x7f0000000240)={0x27, 0x1, 0x0, 0x5, 0x2, 0x20, "241269266d0550a4b3d72a8923ee6a729dafcee9d44f51deae0f7330461497ce1b339ecb88c34e59f77bff58c881adb6e187bc6992c14fb228eca9d9204d1f", 0x8}, 0x60) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r2) ioctl$FBIOGET_FSCREENINFO(r2, 0x4602, &(0x7f00000002c0)) splice(r1, 0x0, r2, 0x0, 0x100000002, 0x0) bind$can_raw(r2, &(0x7f0000000040), 0x10) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9}) r10 = dup3(r8, r6, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x3}) 00:32:17 executing program 3: r0 = eventfd(0x0) r1 = socket$unix(0x1, 0x5, 0x0) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000100)=0x8) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x4000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) write$P9_RREAD(r7, &(0x7f0000000140)={0x71, 0x75, 0x1, {0x66, "58f47bc3491b7b490d17adff6e469ee85cfadd4ca293ff5b38c849c19f8e0a1a27f888bd7631b05fa4d8a969540dbcdd0e5f1e4e7302a40a583a7a717ed39441dc7ee789236234dadccd3d8a797cd01a7ddb07cdfbed7a27840c2b3413191f520a712ad14983"}}, 0x71) r9 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) 00:32:17 executing program 2 (fault-call:10 fault-nth:35): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:17 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:18 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x6, @private2={0xfc, 0x2, [], 0x1}, 0x6}, @in6={0xa, 0x4e20, 0x1, @local, 0x9}, @in={0x2, 0x4e22, @multicast1}, @in6={0xa, 0x4e23, 0x400, @local, 0x100}, @in6={0xa, 0x4e24, 0x3, @mcast1, 0x80000000}], 0x80) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) [ 309.454269] FAULT_INJECTION: forcing a failure. [ 309.454269] name failslab, interval 1, probability 0, space 0, times 0 [ 309.481501] CPU: 1 PID: 16057 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 309.489436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.498975] Call Trace: [ 309.501761] dump_stack+0x1b2/0x283 [ 309.505409] should_fail.cold+0x10a/0x154 [ 309.509572] should_failslab+0xd6/0x130 [ 309.513559] kmem_cache_alloc+0x28e/0x3c0 [ 309.517721] mmu_topup_memory_caches+0x83/0x300 [ 309.522529] ? kvm_vcpu_kick+0xef/0x1f0 [ 309.526517] kvm_mmu_load+0x1e/0xc90 [ 309.530241] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 309.535701] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 309.540737] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 309.546557] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 309.552381] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 309.557235] ? lock_acquire+0x170/0x3f0 [ 309.561224] ? lock_downgrade+0x6e0/0x6e0 [ 309.565405] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 309.569561] kvm_vcpu_ioctl+0x3df/0xc70 [ 309.573551] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 309.579449] ? trace_hardirqs_on+0x10/0x10 [ 309.583694] ? __fdget_pos+0xa6/0xc0 [ 309.587505] ? fsnotify+0x897/0x1110 [ 309.591746] ? __vfs_write+0xec/0x630 [ 309.595658] ? proc_tid_io_accounting+0x20/0x20 [ 309.600334] ? SyS_write+0x1b7/0x210 [ 309.604066] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 309.609958] do_vfs_ioctl+0x75a/0xfe0 [ 309.613865] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 309.619491] ? ioctl_preallocate+0x1a0/0x1a0 [ 309.623922] ? security_file_ioctl+0x76/0xb0 [ 309.629187] ? security_file_ioctl+0x83/0xb0 [ 309.633685] SyS_ioctl+0x7f/0xb0 [ 309.637096] ? do_vfs_ioctl+0xfe0/0xfe0 [ 309.641083] do_syscall_64+0x1d5/0x640 [ 309.644989] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 309.650184] RIP: 0033:0x45cb29 00:32:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) r7 = dup3(r4, r6, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) [ 309.653376] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 309.661083] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 309.668341] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 309.675592] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 309.682943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 309.690473] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:18 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x80000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f0000000380)={0x7, 0x6000}) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) write$vhost_msg_v2(r5, &(0x7f0000000300)={0x2, 0x0, {&(0x7f0000000100)=""/201, 0xc9, &(0x7f0000000200)=""/234, 0x1, 0x6}}, 0x48) r7 = eventfd(0x0) r8 = dup3(r4, r2, 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) 00:32:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'bond_slave_0\x00', 0x1000}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:18 executing program 2 (fault-call:10 fault-nth:36): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:18 executing program 3: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x10, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x1000) lseek(r2, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) sendmsg$AUDIT_GET_FEATURE(r3, &(0x7f00000002c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={0x0}}, 0x40000) r4 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0xe8, 0x17, 0x101, 0x0, 0x25dfdbff, {0x2}, [@nested={0xd2, 0x5b, 0x0, 0x1, [@generic="08e6a05bc8b47b08cc90202a5cebc300a815e1d01db00ebcd6b70bd445eb7e5bac304355a0523dcad9c538fa01c0ca80f6bf119c4eaa19ba31449b691386061e24bcc9e5089d34380fe83ad5fd78c481da15f1ff9f5eb7e0582b3f8ef2d965bc9b3bef3ced20dcdadedc3a3f29a508116301cebfd3283e343ea02848ad739b60b360f45fabd14e45e9c9270edcafec8057bfa142251a36390694f1f893bdeaf8816b2157a79456e6d50041ce36fc1d5a42f69e65e6229bbd63ba2fd0f6c738497bb955b6d88f29b7d96fc2f3e9ff"]}]}, 0xe8}}, 0x0) unlink(&(0x7f00000001c0)='./bus\x00') sendfile(r2, r4, &(0x7f0000d83ff8), 0x8000fffffffe) [ 309.936801] FAULT_INJECTION: forcing a failure. [ 309.936801] name failslab, interval 1, probability 0, space 0, times 0 [ 309.965576] CPU: 1 PID: 16139 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 309.973500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.982897] Call Trace: [ 309.985584] dump_stack+0x1b2/0x283 [ 309.989225] should_fail.cold+0x10a/0x154 [ 309.993388] should_failslab+0xd6/0x130 [ 309.997377] kmem_cache_alloc+0x28e/0x3c0 [ 310.001586] mmu_topup_memory_caches+0x83/0x300 [ 310.006462] ? kvm_vcpu_kick+0xef/0x1f0 [ 310.011356] kvm_mmu_load+0x1e/0xc90 [ 310.015077] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 310.020563] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 310.025503] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 310.029522] audit: type=1804 audit(1593736338.602:14): pid=16148 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir789355218/syzkaller.LuE102/268/file0/bus" dev="loop3" ino=3 res=1 [ 310.030439] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 310.030461] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 310.030469] ? lock_acquire+0x170/0x3f0 [ 310.030479] ? lock_downgrade+0x6e0/0x6e0 [ 310.073327] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 310.077487] kvm_vcpu_ioctl+0x3df/0xc70 [ 310.081650] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 310.087659] ? trace_hardirqs_on+0x10/0x10 [ 310.091905] ? __fdget_pos+0xa6/0xc0 [ 310.095636] ? fsnotify+0x897/0x1110 [ 310.099353] ? __vfs_write+0xec/0x630 [ 310.103163] ? proc_tid_io_accounting+0x20/0x20 [ 310.107840] ? SyS_write+0x1b7/0x210 [ 310.111651] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 310.117538] do_vfs_ioctl+0x75a/0xfe0 [ 310.121352] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 310.126980] ? ioctl_preallocate+0x1a0/0x1a0 [ 310.131417] ? security_file_ioctl+0x76/0xb0 [ 310.135864] ? security_file_ioctl+0x83/0xb0 [ 310.140276] SyS_ioctl+0x7f/0xb0 [ 310.143731] ? do_vfs_ioctl+0xfe0/0xfe0 [ 310.147717] do_syscall_64+0x1d5/0x640 [ 310.151617] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 310.156807] RIP: 0033:0x45cb29 [ 310.159999] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 310.168150] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 310.175687] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 310.182959] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 310.190231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 310.197500] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 [ 310.270284] audit: type=1804 audit(1593736338.902:15): pid=16188 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir789355218/syzkaller.LuE102/268/file0/bus" dev="loop3" ino=4 res=1 00:32:21 executing program 2 (fault-call:10 fault-nth:37): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:21 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fd5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0e0000008e00660f3882af724d00002ed8dd65660f382201c7442402c43a727fc7442406000000000f0114240f01c40f013a360f06c4c18d72d6830f01caed", 0x4e}], 0x1, 0x0, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000049000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9}) dup3(r8, r3, 0x0) 00:32:21 executing program 3: eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000180)='w', 0x1}, {&(0x7f00000001c0)="0f611f55b465a47e131fc236153d9008ee7ee5ab2139bb48a317586f6110bc3fee4f6d030cf98a1329f56232bfc9dc5683ad1e8173863a483796aede275315a9b39cf104692de6af1558c65a118708f5a65d229d831c44c61a", 0x59}], 0x2, 0x8) close(r1) splice(r0, 0x0, r1, 0x0, 0x100000002, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000100)={0x3, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x88) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x8401, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x1) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x8, 0x2, r0}) 00:32:21 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @pic={0x7, 0x81, 0x1f, 0xae, 0xf8, 0x20, 0xff, 0xb6, 0x2, 0x1, 0x37, 0x9, 0x1, 0x3, 0x3f, 0x7f}}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) [ 312.466774] FAULT_INJECTION: forcing a failure. [ 312.466774] name failslab, interval 1, probability 0, space 0, times 0 [ 312.517433] CPU: 0 PID: 16212 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 312.525599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.535793] Call Trace: [ 312.538394] dump_stack+0x1b2/0x283 [ 312.542499] should_fail.cold+0x10a/0x154 [ 312.547285] should_failslab+0xd6/0x130 [ 312.551619] kmem_cache_alloc+0x28e/0x3c0 [ 312.556619] mmu_topup_memory_caches+0x83/0x300 [ 312.564453] ? kvm_vcpu_kick+0xef/0x1f0 [ 312.568617] kvm_mmu_load+0x1e/0xc90 [ 312.573520] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 312.579328] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 312.584536] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 312.589686] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 312.596050] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 312.601249] ? lock_acquire+0x170/0x3f0 [ 312.607256] ? lock_downgrade+0x6e0/0x6e0 [ 312.611514] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 312.615711] kvm_vcpu_ioctl+0x3df/0xc70 [ 312.619692] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 312.625589] ? trace_hardirqs_on+0x10/0x10 [ 312.629945] ? __schedule+0x8ae/0x1d70 [ 312.634372] ? mark_held_locks+0xa6/0xf0 [ 312.639597] ? SyS_write+0x1b7/0x210 [ 312.643332] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 312.648196] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 312.654767] do_vfs_ioctl+0x75a/0xfe0 [ 312.659640] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 312.665327] ? ioctl_preallocate+0x1a0/0x1a0 [ 312.671373] ? security_file_ioctl+0x76/0xb0 [ 312.675969] ? security_file_ioctl+0x83/0xb0 [ 312.680748] SyS_ioctl+0x7f/0xb0 [ 312.684113] ? do_vfs_ioctl+0xfe0/0xfe0 [ 312.688266] do_syscall_64+0x1d5/0x640 [ 312.692174] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 312.697368] RIP: 0033:0x45cb29 [ 312.700556] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 312.708258] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 00:32:21 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r2, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) 00:32:21 executing program 3: r0 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x100000002, 0x0) mq_timedsend(r1, &(0x7f0000000100)="ceda325f4d02e14b1b5efb0156f17067bfe9eb23278194cf56a0833188569b61293403754d7742683574666f49a2e490f22dca584f1ed0ab9a9f412b7642a622836fea730a52f62250408405a76ad34f144b7f3e192cc298a59426d41453a878c8f4952cfcfd5f91fcb5", 0x6a, 0x8, &(0x7f0000000000)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) bind$l2tp(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r9 = eventfd(0x0) r10 = dup3(r8, r4, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x2, r0}) [ 312.715524] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 312.722792] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 312.730077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 312.737788] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:21 executing program 2 (fault-call:10 fault-nth:38): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:21 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x41, &(0x7f0000000240)={'mangle\x00', 0x2, [{}, {}]}, 0x48) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x54}}, 0x0) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r5, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x3, 0x2, 0x3, 0x0, 0x0, {0x7, 0x0, 0x1}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r2, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) 00:32:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x4280, 0x0) ioctl$EVIOCGEFFECTS(r3, 0x80044584, &(0x7f00000000c0)=""/198) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x482, &(0x7f0000000240)=""/171, &(0x7f0000000300)=0xab) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7}) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x3}) 00:32:21 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/net/pfkey\x00', 0x2001, 0x0) ioctl$SCSI_IOCTL_STOP_UNIT(r4, 0x6) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r2, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r8, 0x118, 0x1, &(0x7f00000001c0), 0x4) recvmsg(r8, &(0x7f0000000400)={&(0x7f0000000100)=@caif=@dgm, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)=""/119, 0x77}, {&(0x7f0000000200)=""/123, 0x7b}, {&(0x7f0000000280)=""/235, 0xeb}], 0x3, &(0x7f0000000380)=""/76, 0x4c}, 0x40012123) setsockopt$packet_buf(r8, 0x107, 0x2, &(0x7f0000000440)="d69f732859e4b5ff7c4b76d5ae456c26b7a253ed2d7eaf66bfe3cd21e71bbdbceeea12427f371ca9ede9fe8bd54de490487f6973925211cf6c70000610b0b7fbeb5031862618fa515ebc67cc4343835c5eb08e6c83dd3c83215a8e5f9de401d069c73cf1b2b8132f9a68f6b16673cc9a1508bacf1547d7ebe63e5d7b06b48dd6a65635404dbff0398c6e122fdffeb392859ada70ba4df59e8e92", 0x9a) [ 312.990080] FAULT_INJECTION: forcing a failure. [ 312.990080] name failslab, interval 1, probability 0, space 0, times 0 [ 313.016638] CPU: 1 PID: 16307 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 313.024998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.035064] Call Trace: [ 313.037667] dump_stack+0x1b2/0x283 [ 313.041505] should_fail.cold+0x10a/0x154 [ 313.046012] should_failslab+0xd6/0x130 [ 313.050089] kmem_cache_alloc+0x28e/0x3c0 [ 313.054250] mmu_topup_memory_caches+0x83/0x300 [ 313.058935] ? kvm_vcpu_kick+0xef/0x1f0 [ 313.062917] kvm_mmu_load+0x1e/0xc90 [ 313.066640] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 313.072550] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 313.077596] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 313.082805] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 313.088939] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 313.093795] ? lock_acquire+0x170/0x3f0 [ 313.097966] ? lock_downgrade+0x6e0/0x6e0 [ 313.102793] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 313.109306] kvm_vcpu_ioctl+0x3df/0xc70 [ 313.113853] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 313.120035] ? trace_hardirqs_on+0x10/0x10 [ 313.124322] ? __fdget_pos+0xa6/0xc0 [ 313.128483] ? fsnotify+0x897/0x1110 [ 313.133021] ? __vfs_write+0xec/0x630 [ 313.136928] ? proc_tid_io_accounting+0x20/0x20 [ 313.142044] ? SyS_write+0x1b7/0x210 [ 313.146123] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 313.152644] do_vfs_ioctl+0x75a/0xfe0 [ 313.157069] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 313.162891] ? ioctl_preallocate+0x1a0/0x1a0 [ 313.167758] ? security_file_ioctl+0x76/0xb0 [ 313.172187] ? security_file_ioctl+0x83/0xb0 [ 313.177222] SyS_ioctl+0x7f/0xb0 [ 313.180593] ? do_vfs_ioctl+0xfe0/0xfe0 [ 313.184579] do_syscall_64+0x1d5/0x640 [ 313.188996] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 313.194303] RIP: 0033:0x45cb29 [ 313.197475] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 313.205172] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 313.212631] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 313.220517] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 313.228139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 313.235399] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:21 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 314.035780] NOHZ: local_softirq_pending 08 [ 314.040963] NOHZ: local_softirq_pending 08 00:32:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:24 executing program 2 (fault-call:10 fault-nth:39): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:24 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000100)=r6) r8 = eventfd(0x0) r9 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) 00:32:24 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x50a100, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xc) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x4e20, 0x0, @mcast1}}, 0x0, 0x0, 0x4, 0x3}, 0x9c) sendto$packet(r1, &(0x7f0000000240)="86efcafc597fcf9e22afd4fca28da2b2eaf61ab62aa86b4dd755577e29fd3d9e43c75382bfe020bf803cce736ff315ae53c69ee99df3ac57a959fa1caf73b8a59db602db3c1cf58c8162b2cba633857821e3b09318ac4cf078d9f7bca7eeec551b6ac4361ed0689fa54fcf81a0773a7ce3028cc301d1fcba95c97700a569486a0bf94c1104fb8d", 0x87, 0x4, &(0x7f0000000140)={0x11, 0x15, 0x0, 0x1, 0xb, 0x6, @link_local}, 0x14) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000040)={r8}, 0x8) r9 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) 00:32:24 executing program 1: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r1) splice(r0, 0x0, r1, 0x0, 0x100000002, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000140)={0x10200, 0x2, 0xe002, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r2 = eventfd(0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x501, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x80880, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r2}) r9 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x30080, 0x0) ioctl$SIOCNRDECOBS(r9, 0x89e2) 00:32:24 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 315.567220] FAULT_INJECTION: forcing a failure. [ 315.567220] name failslab, interval 1, probability 0, space 0, times 0 [ 315.595552] CPU: 1 PID: 16421 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 315.605420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 00:32:24 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e22, @loopback}}, 0x1, 0x40, 0x2, 0x80, 0x18, 0x80, 0x3}, 0x9c) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9}) r10 = dup3(r8, r6, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x3}) [ 315.615997] Call Trace: [ 315.618605] dump_stack+0x1b2/0x283 [ 315.622655] should_fail.cold+0x10a/0x154 [ 315.626817] should_failslab+0xd6/0x130 [ 315.630811] kmem_cache_alloc+0x28e/0x3c0 [ 315.635620] mmu_topup_memory_caches+0x83/0x300 [ 315.640295] ? kvm_vcpu_kick+0xef/0x1f0 [ 315.644305] kvm_mmu_load+0x1e/0xc90 [ 315.648290] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 315.653836] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 315.658780] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 00:32:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x8}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) setsockopt$inet6_icmp_ICMP_FILTER(r7, 0x1, 0x1, &(0x7f0000000040)={0x10000}, 0x4) [ 315.663730] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 315.669896] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 315.674748] ? lock_acquire+0x170/0x3f0 [ 315.678730] ? lock_downgrade+0x6e0/0x6e0 [ 315.683907] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 315.688066] kvm_vcpu_ioctl+0x3df/0xc70 [ 315.692322] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 315.698481] ? trace_hardirqs_on+0x10/0x10 [ 315.702991] ? __fdget_pos+0xa6/0xc0 [ 315.708367] ? fsnotify+0x897/0x1110 [ 315.712140] ? __vfs_write+0xec/0x630 [ 315.716042] ? proc_tid_io_accounting+0x20/0x20 [ 315.721104] ? SyS_write+0x1b7/0x210 [ 315.725462] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 315.733098] do_vfs_ioctl+0x75a/0xfe0 [ 315.738168] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 315.745542] ? ioctl_preallocate+0x1a0/0x1a0 [ 315.750319] ? security_file_ioctl+0x76/0xb0 [ 315.755241] ? security_file_ioctl+0x83/0xb0 [ 315.759838] SyS_ioctl+0x7f/0xb0 [ 315.763213] ? do_vfs_ioctl+0xfe0/0xfe0 [ 315.767199] do_syscall_64+0x1d5/0x640 [ 315.772463] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 315.777654] RIP: 0033:0x45cb29 [ 315.780859] RSP: 002b:00007fd83c153c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.789396] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 315.797311] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 315.805800] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 00:32:24 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4}) r5 = dup3(r3, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x3}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f00000000c0)={0x9, &(0x7f0000000040)=[{0x7}, {0xffff, 0x6}, {0x2, 0x3}, {0x7, 0xc38}, {0x7, 0x8}, {0x7ff, 0x2}, {}, {0x6, 0x7ff}, {0x3}]}) 00:32:24 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x1, 0x0) getsockopt$netrom_NETROM_N2(r3, 0x103, 0x3, &(0x7f0000000100)=0x1, &(0x7f0000000140)=0x4) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = eventfd(0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x8) r5 = dup3(0xffffffffffffffff, r2, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/btrfs-control\x00', 0x8000, 0x0) ioctl$PPPIOCGCHAN(r6, 0x80047437, &(0x7f00000001c0)) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 315.813523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 315.820886] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1546d4 00:32:24 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x1a3002, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f00000001c0), 0x4) r3 = accept$nfc_llcp(r1, &(0x7f0000000300), &(0x7f0000000140)=0x60) getsockopt$nfc_llcp(r3, 0x118, 0x3, &(0x7f0000000380)=""/215, 0xd7) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x80a43, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) eventfd(0x23ffc) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r1) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$BLKPBSZGET(r6, 0x127b, &(0x7f00000000c0)) setsockopt$bt_BT_FLUSHABLE(r5, 0x112, 0x8, &(0x7f0000000080)=0x1, 0x4) dup3(0xffffffffffffffff, r0, 0x0) 00:32:24 executing program 2 (fault-call:10 fault-nth:40): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 316.031671] FAULT_INJECTION: forcing a failure. [ 316.031671] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 316.050440] CPU: 1 PID: 16493 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 316.058377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.067740] Call Trace: [ 316.070343] dump_stack+0x1b2/0x283 [ 316.073988] should_fail.cold+0x10a/0x154 [ 316.078228] __alloc_pages_nodemask+0x22b/0x2730 [ 316.082996] ? kmem_cache_alloc+0x124/0x3c0 [ 316.087331] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 316.092441] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 316.096594] ? do_vfs_ioctl+0x75a/0xfe0 [ 316.100572] ? SyS_ioctl+0x7f/0xb0 [ 316.104116] ? do_syscall_64+0x1d5/0x640 [ 316.108195] ? trace_hardirqs_on+0x10/0x10 [ 316.112705] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 316.118011] ? cache_alloc_refill+0x1e8/0x360 [ 316.122512] ? fs_reclaim_acquire+0x10/0x10 [ 316.126854] ? mmu_topup_memory_caches+0x83/0x300 [ 316.131779] alloc_pages_current+0xe7/0x1e0 [ 316.136104] ? kmem_cache_alloc+0x35f/0x3c0 [ 316.140434] __get_free_pages+0xb/0x40 [ 316.144323] mmu_topup_memory_caches+0x187/0x300 [ 316.149081] ? kvm_vcpu_kick+0xef/0x1f0 [ 316.153059] kvm_mmu_load+0x1e/0xc90 [ 316.156775] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 316.162227] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 316.167162] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 316.172099] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 316.177566] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 316.182411] ? lock_acquire+0x170/0x3f0 [ 316.186388] ? lock_downgrade+0x6e0/0x6e0 [ 316.190975] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 316.195100] kvm_vcpu_ioctl+0x3df/0xc70 [ 316.199142] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 316.205006] ? trace_hardirqs_on+0x10/0x10 [ 316.209246] ? __fdget_pos+0xa6/0xc0 [ 316.212948] ? fsnotify+0x897/0x1110 [ 316.216636] ? __vfs_write+0xec/0x630 [ 316.220426] ? proc_tid_io_accounting+0x20/0x20 [ 316.225069] ? SyS_write+0x1b7/0x210 [ 316.228772] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 316.234821] do_vfs_ioctl+0x75a/0xfe0 [ 316.238598] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 316.244196] ? ioctl_preallocate+0x1a0/0x1a0 [ 316.248588] ? security_file_ioctl+0x76/0xb0 [ 316.252975] ? security_file_ioctl+0x83/0xb0 [ 316.257359] SyS_ioctl+0x7f/0xb0 [ 316.260709] ? do_vfs_ioctl+0xfe0/0xfe0 [ 316.264660] do_syscall_64+0x1d5/0x640 [ 316.268551] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 316.273732] RIP: 0033:0x45cb29 [ 316.276912] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 316.284611] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 316.291892] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 316.299138] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 316.306385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 316.313632] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:27 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$KVM_GET_NR_MMU_PAGES(r6, 0xae45, 0x4) r8 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) bind$isdn_base(r7, &(0x7f0000000040)={0x22, 0x26, 0x0, 0x7}, 0x6) r9 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:27 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x480001, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:27 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:27 executing program 2 (fault-call:10 fault-nth:41): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 318.537415] FAULT_INJECTION: forcing a failure. [ 318.537415] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 318.592946] CPU: 0 PID: 16530 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 318.600883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.610240] Call Trace: [ 318.612865] dump_stack+0x1b2/0x283 [ 318.616548] should_fail.cold+0x10a/0x154 [ 318.620708] __alloc_pages_nodemask+0x22b/0x2730 [ 318.625468] ? kmem_cache_alloc+0x124/0x3c0 [ 318.629797] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 318.634925] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 318.639075] ? do_vfs_ioctl+0x75a/0xfe0 [ 318.643062] ? trace_hardirqs_on+0x10/0x10 [ 318.647309] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 318.652154] ? cache_alloc_refill+0x1e8/0x360 [ 318.656673] ? fs_reclaim_acquire+0x10/0x10 [ 318.661005] ? mmu_topup_memory_caches+0x83/0x300 [ 318.666812] alloc_pages_current+0xe7/0x1e0 [ 318.671141] ? kmem_cache_alloc+0x35f/0x3c0 [ 318.675472] __get_free_pages+0xb/0x40 [ 318.679364] mmu_topup_memory_caches+0x187/0x300 [ 318.684112] ? kvm_vcpu_kick+0xef/0x1f0 [ 318.688211] kvm_mmu_load+0x1e/0xc90 [ 318.691917] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 318.697383] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 318.702387] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 318.707312] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 318.712753] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 318.717578] ? lock_acquire+0x170/0x3f0 [ 318.721560] ? lock_downgrade+0x6e0/0x6e0 [ 318.725709] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 318.729836] kvm_vcpu_ioctl+0x3df/0xc70 [ 318.733814] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 318.739690] ? trace_hardirqs_on+0x10/0x10 [ 318.743909] ? __fdget_pos+0xa6/0xc0 [ 318.747622] ? fsnotify+0x897/0x1110 [ 318.751314] ? __vfs_write+0xec/0x630 [ 318.755188] ? proc_tid_io_accounting+0x20/0x20 [ 318.759966] ? SyS_write+0x1b7/0x210 [ 318.763669] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 318.769630] do_vfs_ioctl+0x75a/0xfe0 [ 318.773415] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 318.779020] ? ioctl_preallocate+0x1a0/0x1a0 [ 318.783416] ? security_file_ioctl+0x76/0xb0 [ 318.787803] ? security_file_ioctl+0x83/0xb0 [ 318.792192] SyS_ioctl+0x7f/0xb0 [ 318.795556] ? do_vfs_ioctl+0xfe0/0xfe0 [ 318.799512] do_syscall_64+0x1d5/0x640 [ 318.803385] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 318.808553] RIP: 0033:0x45cb29 [ 318.811725] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 318.819419] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 318.826673] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 318.833920] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 318.841191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 318.848444] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:27 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f00000001c0), 0x4) syncfs(r4) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r2, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) 00:32:27 executing program 2 (fault-call:10 fault-nth:42): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r9, 0x118, 0x1, &(0x7f00000001c0), 0x4) ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205649, &(0x7f0000000340)={0x10000, 0x2, 0x9, r9, 0x0, &(0x7f0000000300)={0x990af9, 0x10001, [], @p_u8=&(0x7f00000002c0)=0x3}}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="4126c59e", @ANYRES16=0x0, @ANYBLOB="08002bbd7000fcdbdf25010000000c00060002000000000000001c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100000000003400078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="08000100000000000c0002000200000000000000"], 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x1) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r11 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:27 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x9, &(0x7f0000000340)={r10, @in6={{0xa, 0x4e20, 0x0, @mcast1}}, 0x0, 0x0, 0x4}, 0x9c) setsockopt$inet_sctp6_SCTP_RTOINFO(r8, 0x84, 0x0, &(0x7f0000000000)={r10, 0xe6e2, 0x2, 0x7}, 0x10) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 319.054841] FAULT_INJECTION: forcing a failure. [ 319.054841] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 319.087512] CPU: 1 PID: 16594 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 319.095439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.104798] Call Trace: [ 319.107446] dump_stack+0x1b2/0x283 [ 319.111088] should_fail.cold+0x10a/0x154 [ 319.115251] __alloc_pages_nodemask+0x22b/0x2730 [ 319.120020] ? kmem_cache_alloc+0x124/0x3c0 [ 319.124354] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 319.129495] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 319.133647] ? do_vfs_ioctl+0x75a/0xfe0 [ 319.137628] ? trace_hardirqs_on+0x10/0x10 [ 319.141873] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 319.146726] ? cache_alloc_refill+0x1e8/0x360 [ 319.151233] ? fs_reclaim_acquire+0x10/0x10 [ 319.155569] ? mmu_topup_memory_caches+0x83/0x300 [ 319.160421] alloc_pages_current+0xe7/0x1e0 [ 319.164747] ? kmem_cache_alloc+0x35f/0x3c0 [ 319.169097] __get_free_pages+0xb/0x40 [ 319.172968] mmu_topup_memory_caches+0x187/0x300 [ 319.177734] ? kvm_vcpu_kick+0xef/0x1f0 [ 319.181689] kvm_mmu_load+0x1e/0xc90 [ 319.185384] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 319.190820] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 319.195736] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 319.200661] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 319.206103] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 319.210930] ? lock_acquire+0x170/0x3f0 [ 319.214904] ? lock_downgrade+0x6e0/0x6e0 [ 319.219039] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 319.223181] kvm_vcpu_ioctl+0x3df/0xc70 [ 319.227144] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 319.233015] ? trace_hardirqs_on+0x10/0x10 [ 319.237334] ? __fdget_pos+0xa6/0xc0 [ 319.241814] ? fsnotify+0x897/0x1110 [ 319.245504] ? __vfs_write+0xec/0x630 [ 319.249283] ? proc_tid_io_accounting+0x20/0x20 [ 319.253928] ? SyS_write+0x1b7/0x210 [ 319.257632] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 319.263500] do_vfs_ioctl+0x75a/0xfe0 [ 319.267280] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 319.272891] ? ioctl_preallocate+0x1a0/0x1a0 [ 319.277290] ? security_file_ioctl+0x76/0xb0 [ 319.281680] ? security_file_ioctl+0x83/0xb0 [ 319.286114] SyS_ioctl+0x7f/0xb0 [ 319.289506] ? do_vfs_ioctl+0xfe0/0xfe0 [ 319.293460] do_syscall_64+0x1d5/0x640 [ 319.297334] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 319.302500] RIP: 0033:0x45cb29 00:32:28 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 319.305666] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 319.313352] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 319.320687] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 319.327936] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 319.335191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 319.342598] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) getsockopt$ARPT_SO_GET_INFO(r2, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000040)=0x44) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.capability\x00', &(0x7f0000000240)=@v2={0x2000000, [{0x30, 0x6}, {0x8000, 0x7f}]}, 0x14, 0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:30 executing program 3: r0 = eventfd(0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f00000001c0), 0x4) ioctl(r1, 0x718, &(0x7f0000000100)="a6d3f932b0da80a121f03110da191bf881603101ca2f189bed04e6c14d0f821152fb75224b7859eeea0e6af0edc279a7e3299772d40d2bde1161b467bff2a97595222d041699cf1ae3f4d0d198f217f4090c53321ba2814d0c9748e9282696eddc8d0657715bada3cfa5ffcc90f187b85ee7bf98d6318d5d0fe2e9c841a144b7df6ce33bf4e949995fe425175807352f79") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x83, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) 00:32:30 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = eventfd(0x0) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) r6 = dup3(r5, r2, 0x80000) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x20, r9, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$NL80211_CMD_GET_MPP(r7, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c008000", @ANYRES16=r9, @ANYBLOB="00022bbd7000fbdbdf256b0000000800010002000000"], 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x800) r10 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r10, 0x118, 0x1, &(0x7f00000001c0), 0x4) read(r10, &(0x7f0000000000)=""/56, 0x38) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:32:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x68240, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r1, 0xc040564b, &(0x7f00000000c0)={0x3ff, 0x0, 0x5001, 0x1f, 0x8, {0xfc72, 0x7f}, 0x1}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f00000001c0), 0x4) r5 = dup3(0xffffffffffffffff, r4, 0x80000) getsockopt$inet_mreqsrc(r5, 0x0, 0x26, &(0x7f0000000100)={@local, @rand_addr, @local}, &(0x7f0000000140)=0xc) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) r10 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r10, 0x118, 0x1, &(0x7f00000001c0), 0x4) listen(r10, 0x20) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9}) r11 = dup3(r8, r6, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x3}) 00:32:30 executing program 2 (fault-call:10 fault-nth:43): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:30 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 321.654100] FAULT_INJECTION: forcing a failure. [ 321.654100] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 321.668461] CPU: 0 PID: 16687 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 321.676543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.685908] Call Trace: [ 321.688937] dump_stack+0x1b2/0x283 [ 321.692929] should_fail.cold+0x10a/0x154 [ 321.697100] __alloc_pages_nodemask+0x22b/0x2730 [ 321.701875] ? kmem_cache_alloc+0x124/0x3c0 [ 321.706313] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 321.711946] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 321.716126] ? do_vfs_ioctl+0x75a/0xfe0 [ 321.720203] ? trace_hardirqs_on+0x10/0x10 [ 321.724898] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 321.729760] ? cache_alloc_refill+0x310/0x360 [ 321.734360] ? fs_reclaim_acquire+0x10/0x10 [ 321.738704] ? mmu_topup_memory_caches+0x83/0x300 [ 321.744092] alloc_pages_current+0xe7/0x1e0 [ 321.748861] ? kmem_cache_alloc+0x35f/0x3c0 [ 321.753194] __get_free_pages+0xb/0x40 [ 321.757087] mmu_topup_memory_caches+0x187/0x300 [ 321.761939] ? kvm_vcpu_kick+0xef/0x1f0 [ 321.765935] kvm_mmu_load+0x1e/0xc90 [ 321.770173] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 321.775907] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 321.780850] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 321.786033] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 321.791938] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 321.796792] ? lock_acquire+0x170/0x3f0 [ 321.800844] ? lock_downgrade+0x6e0/0x6e0 [ 321.804985] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 321.809115] kvm_vcpu_ioctl+0x3df/0xc70 [ 321.813083] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 321.818966] ? trace_hardirqs_on+0x10/0x10 [ 321.823189] ? __fdget_pos+0xa6/0xc0 [ 321.826890] ? fsnotify+0x897/0x1110 [ 321.830583] ? __vfs_write+0xec/0x630 [ 321.834364] ? proc_tid_io_accounting+0x20/0x20 [ 321.839012] ? SyS_write+0x1b7/0x210 [ 321.842720] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 321.848864] do_vfs_ioctl+0x75a/0xfe0 [ 321.852685] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 321.858377] ? ioctl_preallocate+0x1a0/0x1a0 [ 321.862772] ? security_file_ioctl+0x76/0xb0 [ 321.867157] ? security_file_ioctl+0x83/0xb0 [ 321.871555] SyS_ioctl+0x7f/0xb0 [ 321.874939] ? do_vfs_ioctl+0xfe0/0xfe0 [ 321.878897] do_syscall_64+0x1d5/0x640 [ 321.882785] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 321.887960] RIP: 0033:0x45cb29 [ 321.891134] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:32:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) dup3(r5, r3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) r10 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x4b6, 0x80000) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f00000000c0)={r9, 0x0, 0x3, r7}) 00:32:30 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000000)={0x9, 0x3, 0xca1, 0x2}, 0x8) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) 00:32:30 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x7, r0}) [ 321.898820] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 321.906067] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 321.913322] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 321.921811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 321.929564] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:30 executing program 2 (fault-call:10 fault-nth:44): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_G_EDID(r2, 0xc0285628, &(0x7f00000000c0)={0x0, 0x4, 0x9, [], &(0x7f0000000040)=0x6}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x1a7a80, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) [ 322.076967] FAULT_INJECTION: forcing a failure. [ 322.076967] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 322.099319] CPU: 1 PID: 16758 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 322.107763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.117121] Call Trace: [ 322.119718] dump_stack+0x1b2/0x283 [ 322.123377] should_fail.cold+0x10a/0x154 [ 322.127547] __alloc_pages_nodemask+0x22b/0x2730 [ 322.132310] ? kmem_cache_alloc+0x124/0x3c0 [ 322.136815] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 322.141926] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 322.146077] ? do_vfs_ioctl+0x75a/0xfe0 [ 322.150062] ? trace_hardirqs_on+0x10/0x10 [ 322.154319] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 322.159174] ? fs_reclaim_acquire+0x10/0x10 [ 322.163517] ? mmu_topup_memory_caches+0x83/0x300 [ 322.168369] alloc_pages_current+0xe7/0x1e0 [ 322.172833] ? kmem_cache_alloc+0x35f/0x3c0 [ 322.177254] __get_free_pages+0xb/0x40 [ 322.181184] mmu_topup_memory_caches+0x187/0x300 [ 322.185954] ? kvm_vcpu_kick+0xef/0x1f0 [ 322.189944] kvm_mmu_load+0x1e/0xc90 [ 322.193665] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 322.199122] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 322.204061] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 322.208997] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 322.214461] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 322.219314] ? lock_acquire+0x170/0x3f0 [ 322.223291] ? lock_downgrade+0x6e0/0x6e0 [ 322.227448] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 322.231599] kvm_vcpu_ioctl+0x3df/0xc70 [ 322.235585] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 322.242176] ? trace_hardirqs_on+0x10/0x10 [ 322.246415] ? __fdget_pos+0xa6/0xc0 [ 322.250320] ? fsnotify+0x897/0x1110 [ 322.254039] ? __vfs_write+0xec/0x630 [ 322.257849] ? proc_tid_io_accounting+0x20/0x20 [ 322.262526] ? SyS_write+0x1b7/0x210 [ 322.266437] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 322.272329] do_vfs_ioctl+0x75a/0xfe0 [ 322.276154] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 322.281938] ? ioctl_preallocate+0x1a0/0x1a0 [ 322.286363] ? security_file_ioctl+0x76/0xb0 [ 322.290861] ? security_file_ioctl+0x83/0xb0 [ 322.295283] SyS_ioctl+0x7f/0xb0 [ 322.298657] ? do_vfs_ioctl+0xfe0/0xfe0 [ 322.302640] do_syscall_64+0x1d5/0x640 [ 322.306543] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 322.311739] RIP: 0033:0x45cb29 [ 322.314925] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:32:30 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) [ 322.323590] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 322.330870] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 322.338145] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 322.346371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 322.353642] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:33 executing program 1: r0 = eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r3, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) sendmsg$IPSET_CMD_SWAP(r5, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x84, 0x6, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x84}, 0x1, 0x0, 0x0, 0x8000}, 0x0) connect$llc(r5, &(0x7f0000000000)={0x1a, 0xf, 0x33, 0x1, 0x9, 0x6}, 0x10) 00:32:33 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:33 executing program 2 (fault-call:10 fault-nth:45): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:33 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = eventfd(0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f00000001c0), 0x4) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r5, 0x118, 0x1, &(0x7f00000001c0), 0x4) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f00000001c0), 0x4) fremovexattr(r6, &(0x7f0000000000)=@random={'osx.', '/dev/kvm\x00'}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r7, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e21, 0x7f, @mcast2}, {0xa, 0x4e20, 0x101, @local, 0x401}, 0xf6, [0x0, 0x8, 0x5, 0x3, 0xfffffff4, 0x8001, 0x2, 0x9]}, 0x5c) r9 = dup3(r5, r4, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:32:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETA(r2, 0x5406, &(0x7f0000000040)={0x1, 0x401, 0x1, 0x3f, 0x18, "ae865b68fa5c630f"}) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x20, r9, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_GET_REG(r7, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x6c, r9, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_REG_RULES={0x1c, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x7}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x5}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_REG_RULES={0x2c, 0x22, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x20}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x8000}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x9}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x200}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x6c}, 0x1, 0x0, 0x0, 0x24040010}, 0x4) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r10 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 324.615231] FAULT_INJECTION: forcing a failure. [ 324.615231] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 324.640654] CPU: 0 PID: 16830 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 324.648578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.657935] Call Trace: [ 324.660533] dump_stack+0x1b2/0x283 [ 324.664172] should_fail.cold+0x10a/0x154 [ 324.668332] __alloc_pages_nodemask+0x22b/0x2730 [ 324.673537] ? kmem_cache_alloc+0x124/0x3c0 [ 324.677875] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 324.682980] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 324.687133] ? do_vfs_ioctl+0x75a/0xfe0 [ 324.691116] ? trace_hardirqs_on+0x10/0x10 [ 324.695361] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 324.700220] ? fs_reclaim_acquire+0x10/0x10 [ 324.704560] ? mmu_topup_memory_caches+0x83/0x300 [ 324.709464] alloc_pages_current+0xe7/0x1e0 [ 324.713788] ? kmem_cache_alloc+0x35f/0x3c0 [ 324.718113] __get_free_pages+0xb/0x40 [ 324.722002] mmu_topup_memory_caches+0x187/0x300 [ 324.726757] ? kvm_vcpu_kick+0xef/0x1f0 [ 324.730739] kvm_mmu_load+0x1e/0xc90 [ 324.734453] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 324.739907] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 324.744854] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 324.749792] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 324.755255] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 324.760103] ? lock_acquire+0x170/0x3f0 [ 324.764079] ? lock_downgrade+0x6e0/0x6e0 [ 324.768230] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 324.772376] kvm_vcpu_ioctl+0x3df/0xc70 [ 324.776353] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 324.782240] ? trace_hardirqs_on+0x10/0x10 [ 324.786478] ? __fdget_pos+0xa6/0xc0 [ 324.790201] ? fsnotify+0x897/0x1110 [ 324.793920] ? __vfs_write+0xec/0x630 [ 324.797721] ? proc_tid_io_accounting+0x20/0x20 [ 324.802388] ? SyS_write+0x1b7/0x210 [ 324.806108] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 324.811992] do_vfs_ioctl+0x75a/0xfe0 00:32:33 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) write$P9_RSTATFS(r3, &(0x7f0000000100)={0x43, 0x9, 0x2, {0x31d4, 0x8, 0x8, 0x4, 0x40, 0xfffffffffffffffb, 0x7fffffff, 0x0, 0x401}}, 0x43) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) [ 324.815796] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 324.821463] ? ioctl_preallocate+0x1a0/0x1a0 [ 324.825888] ? security_file_ioctl+0x76/0xb0 [ 324.830390] ? security_file_ioctl+0x83/0xb0 [ 324.834906] SyS_ioctl+0x7f/0xb0 [ 324.838806] ? do_vfs_ioctl+0xfe0/0xfe0 [ 324.842784] do_syscall_64+0x1d5/0x640 [ 324.846688] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 324.851881] RIP: 0033:0x45cb29 [ 324.855067] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:32:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f00000001c0), 0x4) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) ioctl$PPPIOCSMRRU(r9, 0x4004743b, &(0x7f00000003c0)=0xae4) sendmsg$sock(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="05ed6cfad226e2d28cf0851688008669469bd426c917bdd2a06a335ae3f3d6234681735bf152aa6a7ee8880736ff39e257a836dc7b546203d14758ab75419e1831b1f6ae5ce4969f46fc8ab6b4982458c0392fa72c4ac1ee5f35c0ce715b1e30dfbe58333c75b2ab94c363049272755cf736ff8bb48c90b3f9c312b84183871ae0d66062fc9aad5ea2afe3888c3952e26c3b7203b5f9fa63dabe017dfe94605cc589f48e7c559eff723ada922d0ac3f83827385c750d82af3ea4c8076b97975ec28610cf0e70b93f0d3a05c1fc10f71353b8881d571b19b3b245eabe3b63", 0xde}, {&(0x7f0000000040)="dd191e16fd12a8a6188a7b", 0xb}], 0x2, &(0x7f0000000280)=[@timestamping={{0x14, 0x1, 0x25, 0x80000000}}, @mark={{0x14, 0x1, 0x24, 0x3}}, @mark={{0x14, 0x1, 0x24, 0x7}}, @timestamping={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @txtime={{0x18, 0x1, 0x3d, 0x100000000000000}}, @mark={{0x14, 0x1, 0x24, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0x9f0}}, @timestamping={{0x14, 0x1, 0x25, 0xbb1}}], 0xf0}, 0x20008811) r10 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 324.862774] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 324.870127] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 324.877487] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 324.884844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 324.892120] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:33 executing program 3: r0 = eventfd(0x0) sigaltstack(&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2, r0}) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x7, &(0x7f00000000c0)=[{0x9a, 0xfffc}, {0x5, 0x3}, {}, {0xfffa, 0x83b}, {0x3ff, 0x100}, {0x1, 0x1518}, {0x5, 0x4}]}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00') sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)={0xb0, r8, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x6}, {0x8, 0xb, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x9}, {0x5}, {0x6}, {0x8, 0xb, 0x200}}]}, 0xb0}}, 0x800) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r6, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, r8, 0x200, 0x70bd26, 0x25dfdbfc, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}}]}, 0x150}, 0x1, 0x0, 0x0, 0x80}, 0x4) 00:32:33 executing program 2 (fault-call:10 fault-nth:46): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x543040, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6, 0x0, 0x9}) r7 = dup3(r5, r3, 0x0) r8 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0xa0000, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r8, 0x8, 0x7}) 00:32:33 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f0000000100)=""/190) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 325.174318] FAULT_INJECTION: forcing a failure. [ 325.174318] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 325.189178] CPU: 0 PID: 16916 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 325.197080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.206527] Call Trace: [ 325.209130] dump_stack+0x1b2/0x283 [ 325.212773] should_fail.cold+0x10a/0x154 [ 325.216935] __alloc_pages_nodemask+0x22b/0x2730 00:32:33 executing program 1: r0 = eventfd(0x0) pselect6(0x40, &(0x7f0000000000)={0x9, 0x1, 0x1, 0xfff, 0x7, 0x5, 0x100000000, 0x1}, &(0x7f0000000100)={0x4, 0x1000, 0x1, 0x1f, 0x0, 0x0, 0x8}, &(0x7f0000000140)={0x1e2, 0x2, 0x9, 0x0, 0xff, 0x4, 0xda, 0xd0}, &(0x7f0000000180)={0x0, 0x989680}, &(0x7f0000000200)={&(0x7f00000001c0)={[0x401]}, 0x8}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 325.221695] ? kmem_cache_alloc+0x124/0x3c0 [ 325.226025] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 325.231135] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 325.235313] ? do_vfs_ioctl+0x75a/0xfe0 [ 325.239299] ? trace_hardirqs_on+0x10/0x10 [ 325.243543] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 325.248396] ? fs_reclaim_acquire+0x10/0x10 [ 325.252847] ? mmu_topup_memory_caches+0x83/0x300 [ 325.257702] alloc_pages_current+0xe7/0x1e0 [ 325.262027] ? kmem_cache_alloc+0x35f/0x3c0 [ 325.266353] __get_free_pages+0xb/0x40 [ 325.270242] mmu_topup_memory_caches+0x187/0x300 [ 325.275008] ? kvm_vcpu_kick+0xef/0x1f0 [ 325.278990] kvm_mmu_load+0x1e/0xc90 [ 325.282799] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 325.288288] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 325.293233] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 325.298175] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 325.303654] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 325.308506] ? lock_acquire+0x170/0x3f0 [ 325.312487] ? lock_downgrade+0x6e0/0x6e0 [ 325.316650] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 325.320798] kvm_vcpu_ioctl+0x3df/0xc70 [ 325.324778] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 325.330671] ? trace_hardirqs_on+0x10/0x10 [ 325.335783] ? __fdget_pos+0xa6/0xc0 [ 325.339500] ? fsnotify+0x897/0x1110 [ 325.343212] ? __vfs_write+0xec/0x630 [ 325.347010] ? proc_tid_io_accounting+0x20/0x20 [ 325.351685] ? SyS_write+0x1b7/0x210 [ 325.355408] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 325.361297] do_vfs_ioctl+0x75a/0xfe0 [ 325.365105] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 00:32:34 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00'}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:34 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000380)={0x8}, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000100)={0x10000, &(0x7f0000000000), 0x2, r7}) r8 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 325.370731] ? ioctl_preallocate+0x1a0/0x1a0 [ 325.375416] ? security_file_ioctl+0x76/0xb0 [ 325.379826] ? security_file_ioctl+0x83/0xb0 [ 325.384239] SyS_ioctl+0x7f/0xb0 [ 325.387601] ? do_vfs_ioctl+0xfe0/0xfe0 [ 325.391582] do_syscall_64+0x1d5/0x640 [ 325.396281] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 325.401468] RIP: 0033:0x45cb29 [ 325.404658] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 325.412358] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 00:32:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, &(0x7f00000001c0), 0x4) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f00000000c0)=0xc) ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000980)={&(0x7f0000000100)=[0x0], 0x1, 0x9}) process_vm_writev(r4, &(0x7f0000000140)=[{&(0x7f0000000100)}, {&(0x7f0000000240)=""/231, 0xe7}, {&(0x7f0000000340)=""/250, 0xfa}], 0x3, &(0x7f0000000900)=[{&(0x7f0000000440)=""/78, 0x4e}, {&(0x7f00000004c0)=""/249, 0xf9}, {&(0x7f0000000180)=""/8, 0x8}, {&(0x7f00000005c0)=""/117, 0x75}, {&(0x7f0000000640)=""/239, 0xef}, {&(0x7f0000000740)=""/98, 0x62}, {&(0x7f00000007c0)=""/45, 0x2d}, {&(0x7f0000000800)=""/202, 0xca}], 0x8, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) [ 325.419637] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 325.429596] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 325.436955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 325.444225] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:34 executing program 2 (fault-call:10 fault-nth:47): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:34 executing program 1: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r1) splice(r0, 0x0, r1, 0x0, 0x100000002, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f0000000140)={0x9f0000, 0x43f, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x9c0904, 0x7ff, [], @string=&(0x7f0000000000)=0x1f}}) ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000180)=0x8) r3 = eventfd(0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r3}) 00:32:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) sendmsg$key(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="0205c002230000002bbd7000fddbdf25030005009a00000002004e2064010101000000000000000013001800041f8a00e52cc6f4b73df70d15edd719b6fb0830a8f3584e058ee04ae4125e5424defbd000ea060f0b0a029ee0971bbb78fce9082d341d6e168336cb107237127f532d70d32c2cf3a4232cf359adfd54cb74789806cfb0611ac2e0a5bce7e71c01efcfe77464f9e5ea0513dadd955afa3e2a5dfa2345a4d801b167565d50328a68a8f7f4c39253f877d0665c28909d000000000000070019000000000002004e21ac14142e00000000000000000a004e240000000900000000000000000000ffff000000000300000000000000040003000000000001000100000000000100"/281], 0x118}}, 0x40800) dup3(r6, r3, 0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000080)={r7, 0x6, 0x3}) [ 325.687518] FAULT_INJECTION: forcing a failure. [ 325.687518] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 325.712545] CPU: 1 PID: 17021 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 325.720816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.730178] Call Trace: [ 325.732788] dump_stack+0x1b2/0x283 [ 325.736468] should_fail.cold+0x10a/0x154 [ 325.741495] __alloc_pages_nodemask+0x22b/0x2730 [ 325.746267] ? kmem_cache_alloc+0x124/0x3c0 [ 325.750602] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 325.755710] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 325.759892] ? do_vfs_ioctl+0x75a/0xfe0 [ 325.763896] ? trace_hardirqs_on+0x10/0x10 [ 325.768147] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 325.773000] ? cache_alloc_refill+0x1e8/0x360 [ 325.777596] ? fs_reclaim_acquire+0x10/0x10 [ 325.781934] ? mmu_topup_memory_caches+0x83/0x300 [ 325.786798] alloc_pages_current+0xe7/0x1e0 [ 325.791475] ? kmem_cache_alloc+0x35f/0x3c0 [ 325.795812] __get_free_pages+0xb/0x40 [ 325.799710] mmu_topup_memory_caches+0x187/0x300 [ 325.804561] ? kvm_vcpu_kick+0xef/0x1f0 [ 325.808548] kvm_mmu_load+0x1e/0xc90 [ 325.812299] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 325.817758] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 325.822699] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 325.827639] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 325.833146] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 325.838037] ? lock_acquire+0x170/0x3f0 [ 325.842021] ? lock_downgrade+0x6e0/0x6e0 [ 325.846447] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 325.850605] kvm_vcpu_ioctl+0x3df/0xc70 [ 325.854721] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 325.860623] ? trace_hardirqs_on+0x10/0x10 [ 325.865061] ? __fdget_pos+0xa6/0xc0 [ 325.868789] ? fsnotify+0x897/0x1110 [ 325.872599] ? __vfs_write+0xec/0x630 [ 325.876583] ? proc_tid_io_accounting+0x20/0x20 [ 325.881351] ? SyS_write+0x1b7/0x210 [ 325.885430] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 325.891696] do_vfs_ioctl+0x75a/0xfe0 [ 325.896789] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 325.902731] ? ioctl_preallocate+0x1a0/0x1a0 [ 325.907334] ? security_file_ioctl+0x76/0xb0 [ 325.912919] ? security_file_ioctl+0x83/0xb0 [ 325.917721] SyS_ioctl+0x7f/0xb0 [ 325.921174] ? do_vfs_ioctl+0xfe0/0xfe0 [ 325.925135] do_syscall_64+0x1d5/0x640 [ 325.929970] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 325.935144] RIP: 0033:0x45cb29 [ 325.938338] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 325.947165] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 325.954697] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 325.962070] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 325.969911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 325.977726] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:36 executing program 2 (fault-call:10 fault-nth:48): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:36 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000000)=0xfff, 0x4) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) r10 = dup3(r8, r2, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x2, r0}) 00:32:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f00000001c0), 0x4) r7 = fcntl$getown(r6, 0x9) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x1, r7}) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r8}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r10, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r10) splice(r9, 0x0, r10, 0x0, 0x100000002, 0x0) ioctl$SCSI_IOCTL_STOP_UNIT(r9, 0x6) r11 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) 00:32:36 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0xb7, &(0x7f0000000280)="b0fe910cd17c3d0ced679a01000000cd891969b71832cb570c94d61f3514dca7e9cdb970a4391ad8a3f613a4627a572fb547634f01dde818531a440ffee49aab8ecc0f2782ae08389dd0ea4fab5e122d903270eae99f87fd080025efd2cb7fc27884cc446046b71f807ae273b795b33aaa031bbea3648e0978c59527c4b8a788f21239106381ce07c0a3256b9ff529cda5cd43bf06c36531cedb1ed89068716975c447b000c4405e236f30119800ac33727062f59938ef"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0xc) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r6, 0x0, 0x0) r7 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:36 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00'}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 328.092825] FAULT_INJECTION: forcing a failure. [ 328.092825] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 328.147063] CPU: 1 PID: 17070 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 328.155218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.165422] Call Trace: [ 328.168129] dump_stack+0x1b2/0x283 [ 328.172119] should_fail.cold+0x10a/0x154 [ 328.176368] __alloc_pages_nodemask+0x22b/0x2730 [ 328.181246] ? kmem_cache_alloc+0x124/0x3c0 [ 328.185698] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 328.191853] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 328.196027] ? do_vfs_ioctl+0x75a/0xfe0 [ 328.200021] ? trace_hardirqs_on+0x10/0x10 [ 328.204843] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 328.212304] ? cache_alloc_refill+0x1e8/0x360 [ 328.216821] ? fs_reclaim_acquire+0x10/0x10 [ 328.221429] ? mmu_topup_memory_caches+0x83/0x300 [ 328.226814] alloc_pages_current+0xe7/0x1e0 [ 328.231356] ? kmem_cache_alloc+0x35f/0x3c0 [ 328.235688] __get_free_pages+0xb/0x40 [ 328.239587] mmu_topup_memory_caches+0x187/0x300 [ 328.244536] ? kvm_vcpu_kick+0xef/0x1f0 [ 328.248523] kvm_mmu_load+0x1e/0xc90 [ 328.252254] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 328.257720] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 328.262659] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 328.267599] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 328.273066] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 328.277927] ? lock_acquire+0x170/0x3f0 [ 328.281903] ? lock_downgrade+0x6e0/0x6e0 [ 328.286068] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 328.290226] kvm_vcpu_ioctl+0x3df/0xc70 00:32:36 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) io_setup(0x7, &(0x7f0000000080)=0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, &(0x7f00000001c0), 0x4) io_cancel(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x101, r3, &(0x7f00000001c0)="33cf345d64857384e14fa17a1ee4150239ac5ea8b82fd14aa57bdc06a7eb0439f1a07659a16cfa02a3c0ea712414cca983e1f79165f888f3ab8a3dd8d681d7fe1d83fc9aeaef472d61632370d2f5002106d63c6bd29b7dbe2b6b414d2d691a6604c080b9d1f85cb2ef628deeb835a72f8feceb6cbf987e71f87c768338dcffe4ee6d95c50f910254603796423620498958be1af48cae96e693a5e124788e843f41e5ecadc8d7cc5ea387ed5101328887f80c0a56518b352c5e7c6062b1709b0a9ff9f47d1f871475f1f463cecd283e6edf82c71867bef72ca9540803787ded98a28c5eb1b05308e6acbad298330f6426c56fd4ad9f23590dbe546de55e13cffa9ced3742f321df66ca1f2d7dae8428f564841b695218db4a50e737a5952c0962fd031997690765df123867a4359301a96e85c24c3b06536c44eb17b20e9f213f248a08f65322df87cde6feffec58e423635688dda4a3cdb1da678c7ff5d465171f4b2d61340139d478b630c3eada1f350434e9bfc4696d25cf133eec7109c1c51ef1d736c9d64bb374bfbc74e0da5e1570f630d8ea79c31503d8f43b39a6fcebad1add74ef518338e3ec6a22a5e8118264288fffdaea036fcb2047a859d528e2d71e538325f0eb080d7eb30085f35c318df33e595008eb7a1b70854b9323b7457f37e73b9da73b1eeb2f573cce9828041d10da2afa669250566c1abaf6406d7660a0d5bf482e148f57d6e27ed6845c6e872fdcb771e0ed4929bea7b0fa43f5b3a5187e30c410817d9d1b346554359f12d0356bed73250c142c98b7f69b9fa60653f242b9dd5a5c1c84179fdb73de9e9bc2c14f8df464af5e6a07f4ed15bfd717f397b4ec621728af007ce1ab640ad79fc37df4e590064bde4f54bdd7aeef1410d67b8e8b2cbe6c10e6ba8562003db244a616823c2f51caf73db19893f5b8d97c986d911ac731a624782649c73139c702c2ea86b0106d10aea4243a988cbf4f1543e5e261f8379cf2d1580fffde0005b7cfc28a121ba361e3858301ebdd85d84a9e22b94eeb525d4bb1b2b3bb6bdcad0f039a2c73e9348ecec4cd53d0ca53d869ea0abda301c6c436d844bd1bec7ec765836bf7274b7d5a720bb73893ee718efc687badfc3f8555df3e8c8d74d839b1d5366d30e5eebb3c2ad2a61face342ce419e2ee61b407b0bb8cffe31ea0600c56b75289fe2dc37681b71f1fdfeee43d83b88fa0443afd4cb797d9785a3713eb43b9c0e0007053e627996372177d76d6dd5a2dc155decf6e55e17b6f8f26baf98829599c7c9917f2bb0fcfd6c9301227dd7cfaf0dd65e0ed898dd3cb185ebd9db3cd3214b35be95e3818b05a63e9c9751e64eef4bbab149418864d4e72473abf5534a2da5a6cb655d6c060f4480089fc623a9a6f953e96756d5a342f8e2c63c9a4941cffba4c7ae686123a6eeed6167c85b2ae10f1cc56c6c71ba2feff8b9dcd63c927a0a988e053590571fec16f114609e84d6ee1c17378667f1bfb8be874ba21befa6d4fd052aff7150c3d721988f7e310c1da8ce8d29da285929e2ed450b47eb527959e081d3cc6225eab9272a7376260b4be8e811f1c6c0f25370d3824bb15f6b64b275249c1ef43824477fe667f15a531a3fc41787bc0094ca9d76ad777f3d0a0dca8883f90b11f7cead949211b6eb75d852a524ee9cb0c89bd8df72a0bd40991e3c013b0e6d42a0d229c644c2f1cfd3880ead4de745e3fd6db00a497336146342d4dcc1fd2890dc21ac961388bccbced8b8d165377643268c7245bebbe36c3a2ce329a4b45e94863cd5ed9a9fb832b7d2eac3d56ed2e0886c6e1f2729698a45b0911f89d51b1096f4c77cb808f2192274dc02cf2af707e8661fcb17f6cc2f610ee80abf781b0bebf2ab96436095413ea9f5bf506276b124037f42fd469f82cc399192021cf79ef5adf9ac411d7532f50f1d5ba74609a4a6e206a6a6f1d9fa92027333656c63d2782be75f4511471adb1861f1fb797c5c80c59920b8983c27c784002e8054b28ea6b47780b87bb91e6cf1290b048eb2db1029b8b494587c2c1415bb2fdc8c0a0ea2c59ac7234adc453b9d62ecd60687ebda25769b04f9fd8dded48f14ecaf60db1b1fe58778b649d9f1799fc1d3a65b3f47d4141746ac0a526496a24a5190e87240921f74673b92b21c470342377d4c3cd037c1c0c776db8b530208a858b9ef5ee52eab0ab6780fb77a906b4368ca5d7fe57d193b27ad5c3c46c71ba7682c96fe172de6286add1a76d65a62d271154ebf4ee3d571d2dda9d711394dbc6db8c3995812f1e0aac6a1c963db5557ff6f8db2cde4a6b288175a07acffa7ab60ddd660c492f9f8bb078f5dd0801f8a6becd4559130e96eaae72c37c1af16661cfbebcc2057e632af37ca494570538e585a7c0cb788a2bd8cff660b97c5d2abdfd1f0d7c5c950e3280b7e8878fcfdcc20a34dfd6112981c12d4aa47aaed138689f4fac01022a45c02f65351a81d98a69ba8b0f5a6b89592fef7f353e7bc0122bbdeb7530df569a629fd98802ab73bc639ee41b00e19719115247b2bd158493f50a5bfec0ffafe0682b845af1361af55909d9cedcc9539f47eec8d73fa4e6d2c40905b3aa191142cc3e4792a15ff9881dede6fbc8a8972a4e34e4a55a2b9830786d0aad5fb23d170108a0f61a9fbfc232a40994b06c63118091351e67af5fade2d1a8023a795605ebb7a307d7c880277d657e4bfc7e35e10ee8737f06cb98bde0386f8c0483cc72ccf40296be0b66f67c992ad0fd09f9ae4784eba9682d70356aa4ff871b9b135e3db01315c1ab52079f1e87697bacc6ff7d40105108beb3063398476c5284872de2d5aef85600bdf0e0005517b85a9425df53f1e1bd6a84b18fa4d3756a91e394d0db7155f4511c706b16db9c87cc6a9fdfea629ac95e6e6185344fce376a8e194dcf169b6c934451f45d8909a11859502ff80462383a3759c05f079b80db11db1aac7c67eec991040d29bd0a30fb6a85bd8ce36dec1b749e911c751b04faafed9e07600669ca5fcbb84d20d7a0cbce498e6ec166363b2a455dc1a9e7f7ab1d1e79119cbcb77e53863a88b9a66a1c0d0880c17b77744972f6aa46d56fbecad0cc8ed09fe0d4bcf8bfdf4514646a41dae990979173aa52d73dd208d2c0521c18044ab19181d72d72e02c53802c5555f64befa3608de5cc2618057c7493a29b3c42afe645fd691aa769b4f0dd907f611b71dc55a91b0357772fc0aebd171d26cdbf295bf88638c2937a3727759efdf4bdbc54c74c2ad2517bca6d8a2457f91cda9d1087d2ea2a893b307bca0415df50fc5f369873814a4dcbace134098a1bcb6e298f952d1ee411c4a1144b5e61f71a2431ba99d1bae3beebccb1f8aeede98785dd258714f6196fd7d83d753775fcac13b13fe5ca2d2bfe6e44c6044be1c750bc267502c9c2ac5130734f379086a15b4a650d41e8dc51ae41278f404c53bf7b6ed946c8542cc77dc180e48142ae0855f52ef16375ea0c7ced612ce9e264169758ebe2419dac136a1519e1dbad933cc53da8a58fcff92136cb55b1d465ca95ab6be20392ab384665f3a37d83b87101e88c3b3b23555cc8f1c89792247cd2144bd3e865defc67266a4de3b8eb7fba1116d5053404f560b3a8f7fe2f36be813a1152fb6c67ed1dd634591ae8f4e39ff4b01c47ed30e8dba8dd8f6ec8b32666aa668edf34d580c992084ebbbd465bb1d4afe14d8d7176ea7978d35455e7c0c8f3eaaf051d3bffd60c002f56e38d9536ba441755b78821de4477c15d1c7d436ee08ab56180467136b0604052a24f1ded0a20a0ec2e797501fce3baf0c256c31151c336550189b9d7a5f2b25e514c4a7d4f1a011c663a2640384c1c62ad59ac4798b84393366179dfb46c38a5be4db1933fe4d0d74ab3b7c3d73dbf72db8bc3a53e59e3a6ba324c876784bd05ee7b7acfe6a2b3fca37f0a2f71c96c9dea42f3773be2a50b0bcb043a19b1b1a7dcb688e713ff25747ff752a6b9fd982ffc8bbbc1d6391b2fc6d596dc8e36992451af5303e7205d329ecce5c2ea0c4c6e976d98963b2102cc2e333e41f64037346f9653a5d7c5d86b34ede0842109280f5a7a5d68e8a26f0a997607afad1ce30a8bcb86bebdb196f3dc6966d22787ca9ce117e58e4384e137ed9a624c578fa84d17209312cfdcd9ec09f3d7cb748c1d3196bbd929b8684a20715b985913c184cf4c20b8ca2b8604f0fee3349d8691cf6446f03a23f4c4e726937b203fa0002449e7d4df98f3ac797378f08ea5ce12b10eba0a3f88e3fc1b45ea1476542507b10eaa6c12750078bee0f8931eae35b8ac4c462acf3a4b457c0ab5079bd19d434a512f2cf10bdd2111a67e81b510a6f722de81cf2a9f7e6cdb17b61d937610cf177a0b9a1ee89703d1b0bf96ceb803599c5af8b779f8bf530260c549f53c38ddafc9f24fdeaa7eb76c3dff838ff733ced7d968ec6867f1abae3e3a214516fe7efce0faca247e8fcdb7a31f9ee6bb58a50b12413a4cb0c000acf35bb9773d0680a2b391d4b7da4e6fccce68d6760b19e6ee60f04d874d794eac1ec18acd79c3c347da77e26dbdd9a9a5d791e83611d1e715dab70ce9bca4ca8b122ceeb9409db5e8b2f1dc26e4781c2aaeaec54974b7716d30c72b33b013a90df9c9ea274f061e65535dc7e739a984d839cf5f167347dff883557d7d643836ddb06aa27ab490e806fd9880a80e545c61d244eb47d41da9a5f7bacb7489b410b44807e861697cefacd12c33526a745f4425cb6de16aa3c041e305cf4f5d427aba8bf2fc1e264cc05f7ac67387609b734fb5dfcf6976f5957b9a1ce5c70a8d23c2680903bd99b8f566b49fe1c38c6727102e359cc7ff14969ef97ca69c0aa79aed7e78a67b64f1f1c95cc1a44e33d12d434bc0417c514952ff3a112a6af2fb413beaf1a7186c5b512b4df753e35f0351a9e0fcb21efe82fbc29244c55b565048a44f4da987d32ec4f191963dbb976e4bbe578b83b0e0d86852c9cad76a7a69694408491101a0f45fbe84516a4df39cfd9517fda1b5abdb23400c0f26f1af91f3b5498567b83a34ccaf44a41e47a8ea4d27cc93af400146605c5dfdc2b49cd34b83054d652ae7d431f39ddc8a6468362d942d48968e3f7c2dfe56db5bcc46568fa52e3a41c2067264ceec5f28444fd5f16ba32f01aa53dee91c95a595add2a6077e04bd7ba106ba4ff69ac70de1a43baeca30f9be146490dbc3f883ca8141e9323ed63bd902e8ce2c009a839b9f331e795bad05476e8ebe8e4cc2143b9cfd86e38e1885b57da53ef91cf189efc4e9ba578f3b6e819e5c3b332a843a6fbbe50ab19fe40231c91d6d7fdcbd6c7943db2407ebc3de3464e08839d732cbe2ee8ba81b4f1a10f2c0c7717b1be4ae82a1b8ea3637bceebf2c2b87e2b0bec1e8a7c742490c56a2cb2b796f130db7ee7cd4db4947cb5721bb798a215a9756418dcafc63755f54bb5cffedc73f134e3a24b73cb8fdea21ca96e9d2694172bac9004a880144176e176fe5944de1814c2ec28565cb3ec9747d50b509e67ae82459cc8c7c76b3a1d65599c63b4be5e6a5164da3f22f17e9b2e0054fbeb06037a1663b9795b4ffe6d2295b1791543dacf03bd62505912d580a341d43b6a9000f1669d2e8d1adc9054ea9236dab4f0e091335ab9c3860d6a96de7ff3c634aaa8329d740fa520d7ccf883f2c2b4741a1e7ca75fdec230c2adfc580da20dda40c6949640883eb660176647a599956d2518698e70a16cfa8fb570f6b8d541a1a70b53d0f0975acfa26113953f72b777", 0x1000, 0x3, 0x0, 0x2}, &(0x7f00000011c0)) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) eventfd(0x0) r7 = dup3(r6, r4, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000001200)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e21, 0x6, @loopback, 0x200}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x11}}, @in6={0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xa3d3}], 0x58) close(r9) splice(r8, 0x0, r9, 0x0, 0x100000002, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8, 0x0, 0x2, r0}) [ 328.294207] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 328.300111] ? trace_hardirqs_on+0x10/0x10 [ 328.304357] ? __fdget_pos+0xa6/0xc0 [ 328.308076] ? fsnotify+0x897/0x1110 [ 328.311792] ? __vfs_write+0xec/0x630 [ 328.315594] ? proc_tid_io_accounting+0x20/0x20 [ 328.320264] ? SyS_write+0x1b7/0x210 [ 328.323988] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 328.329893] do_vfs_ioctl+0x75a/0xfe0 [ 328.333709] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 328.339331] ? ioctl_preallocate+0x1a0/0x1a0 [ 328.343729] ? security_file_ioctl+0x76/0xb0 [ 328.348463] ? security_file_ioctl+0x83/0xb0 [ 328.352853] SyS_ioctl+0x7f/0xb0 [ 328.356197] ? do_vfs_ioctl+0xfe0/0xfe0 [ 328.360163] do_syscall_64+0x1d5/0x640 [ 328.364034] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 328.369201] RIP: 0033:0x45cb29 [ 328.372366] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 328.380499] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 328.387748] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 00:32:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = mq_open(&(0x7f0000000040)='$.*)\x00', 0x40, 0x159, &(0x7f00000000c0)={0x7, 0x101, 0x24, 0x3}) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'L+', 0xe0000000000}, 0x16, 0x2) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x13, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="fbc4632fe6bfc1ea64234c07429e8823e1b0000f90979ddb6fb969bd6d75895a83d32fa5ef3adb34353000e07f2be89ceb54739f2b3d30a64998a40c4bcb5e1310ce819edf06496ec05008a3972cde687d9e4bbf7bf66bf2787b169866512389cd450079195f13cc21f2d7180f6acebac7a19a7fd0c83cc8d50a50400671e8635b7552de5a5c", @ANYRES32=r7, @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x2, [], 0x0, 0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x0, 0xe, 0x60, 0xef5}, 0x10, 0x0, r2}, 0x78) ioctl$FICLONE(r9, 0x40049409, r2) r10 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r10}) r11 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r10, 0x0, 0x3}) [ 328.395012] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 328.402277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 328.409530] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:37 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) sendmsg$AUDIT_SIGNAL_INFO(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3f2, 0x300, 0x70bd26, 0x25dfdbfc, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x885}, 0x4008800) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r3, 0x80046402, &(0x7f00000001c0)=0x533) r7 = eventfd(0x0) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) 00:32:37 executing program 2 (fault-call:10 fault-nth:49): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x453500, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x6) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 328.640250] FAULT_INJECTION: forcing a failure. [ 328.640250] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 328.652777] CPU: 1 PID: 17164 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 328.660864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.670264] Call Trace: [ 328.672861] dump_stack+0x1b2/0x283 [ 328.676551] should_fail.cold+0x10a/0x154 [ 328.680715] __alloc_pages_nodemask+0x22b/0x2730 [ 328.685476] ? kmem_cache_alloc+0x124/0x3c0 [ 328.689804] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 328.694943] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 328.699107] ? do_vfs_ioctl+0x75a/0xfe0 [ 328.705471] ? trace_hardirqs_on+0x10/0x10 [ 328.709726] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 328.714590] ? cache_alloc_refill+0x1e8/0x360 [ 328.719113] ? fs_reclaim_acquire+0x10/0x10 [ 328.723450] ? mmu_topup_memory_caches+0x83/0x300 [ 328.728299] alloc_pages_current+0xe7/0x1e0 [ 328.732638] ? kmem_cache_alloc+0x35f/0x3c0 [ 328.736973] __get_free_pages+0xb/0x40 [ 328.740968] mmu_topup_memory_caches+0x187/0x300 [ 328.745729] ? kvm_vcpu_kick+0xef/0x1f0 [ 328.750148] kvm_mmu_load+0x1e/0xc90 [ 328.753871] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 328.759609] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 328.764620] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 328.769539] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 328.774979] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 328.779803] ? lock_acquire+0x170/0x3f0 [ 328.783758] ? lock_downgrade+0x6e0/0x6e0 [ 328.787892] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 328.792015] kvm_vcpu_ioctl+0x3df/0xc70 [ 328.796401] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 328.802263] ? trace_hardirqs_on+0x10/0x10 [ 328.806471] ? __fdget_pos+0xa6/0xc0 [ 328.810162] ? fsnotify+0x897/0x1110 [ 328.813857] ? __vfs_write+0xec/0x630 [ 328.817634] ? proc_tid_io_accounting+0x20/0x20 [ 328.822289] ? SyS_write+0x1b7/0x210 [ 328.825980] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 328.831865] do_vfs_ioctl+0x75a/0xfe0 [ 328.835650] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 328.841249] ? ioctl_preallocate+0x1a0/0x1a0 [ 328.845639] ? security_file_ioctl+0x76/0xb0 [ 328.850023] ? security_file_ioctl+0x83/0xb0 [ 328.854407] SyS_ioctl+0x7f/0xb0 [ 328.857745] ? do_vfs_ioctl+0xfe0/0xfe0 [ 328.861706] do_syscall_64+0x1d5/0x640 [ 328.865573] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 328.870736] RIP: 0033:0x45cb29 [ 328.873900] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 328.881583] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 00:32:37 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000000)) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) 00:32:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$EVIOCSABS3F(r6, 0x401845ff, &(0x7f00000000c0)={0x5, 0x40, 0x5, 0x9, 0x8, 0x9}) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r7}) r8 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x3}) 00:32:37 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00'}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 328.888829] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 328.896096] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 328.903340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 328.910590] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:37 executing program 2 (fault-call:10 fault-nth:50): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 329.107050] FAULT_INJECTION: forcing a failure. [ 329.107050] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 329.137130] CPU: 1 PID: 17244 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 329.145393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.154751] Call Trace: [ 329.157351] dump_stack+0x1b2/0x283 [ 329.160990] should_fail.cold+0x10a/0x154 [ 329.165149] __alloc_pages_nodemask+0x22b/0x2730 [ 329.169916] ? kmem_cache_alloc+0x124/0x3c0 [ 329.174244] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 329.179352] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 329.183514] ? do_vfs_ioctl+0x75a/0xfe0 [ 329.187519] ? trace_hardirqs_on+0x10/0x10 [ 329.191768] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 329.196892] ? fs_reclaim_acquire+0x10/0x10 [ 329.201236] ? mmu_topup_memory_caches+0x83/0x300 [ 329.206095] alloc_pages_current+0xe7/0x1e0 [ 329.210510] ? kmem_cache_alloc+0x35f/0x3c0 [ 329.214844] __get_free_pages+0xb/0x40 [ 329.218732] mmu_topup_memory_caches+0x187/0x300 [ 329.223496] ? kvm_vcpu_kick+0xef/0x1f0 [ 329.227479] kvm_mmu_load+0x1e/0xc90 [ 329.231203] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 329.236660] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 329.241688] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 329.247871] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 329.253341] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 329.258190] ? lock_acquire+0x170/0x3f0 [ 329.262169] ? lock_downgrade+0x6e0/0x6e0 [ 329.266330] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 329.270569] kvm_vcpu_ioctl+0x3df/0xc70 [ 329.274542] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 329.280416] ? trace_hardirqs_on+0x10/0x10 [ 329.284759] ? __fdget_pos+0xa6/0xc0 [ 329.288451] ? fsnotify+0x897/0x1110 [ 329.292151] ? __vfs_write+0xec/0x630 [ 329.295938] ? proc_tid_io_accounting+0x20/0x20 [ 329.300601] ? SyS_write+0x1b7/0x210 [ 329.304353] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 329.310221] do_vfs_ioctl+0x75a/0xfe0 [ 329.314005] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 329.319609] ? ioctl_preallocate+0x1a0/0x1a0 [ 329.324002] ? security_file_ioctl+0x76/0xb0 [ 329.328389] ? security_file_ioctl+0x83/0xb0 [ 329.332778] SyS_ioctl+0x7f/0xb0 [ 329.336124] ? do_vfs_ioctl+0xfe0/0xfe0 [ 329.340090] do_syscall_64+0x1d5/0x640 [ 329.344318] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 329.349510] RIP: 0033:0x45cb29 [ 329.352679] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 329.360415] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 329.367726] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 329.374986] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 329.382240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 329.389513] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:39 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) connect(0xffffffffffffffff, &(0x7f0000000100)=@caif=@dbg={0x25, 0x5, 0x6e}, 0x80) socket$isdn(0x22, 0x3, 0x25) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r5, 0x0, 0x2, r0}) 00:32:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x240000, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x408180, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:39 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x2, 0xfffffffb, r0}) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) r9 = socket$inet_udplite(0x2, 0x2, 0x88) r10 = creat(&(0x7f0000000140)='./bus\x00', 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r10, 0xee01, r11) mount$9p_virtio(&(0x7f0000000000)='syz\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x11040, &(0x7f0000000180)={'trans=virtio,', {[{@access_client='access=client'}, {@privport='privport'}, {@dfltuid={'dfltuid', 0x3d, r8}}, {@version_L='version=9p2000.L'}, {@aname={'aname', 0x3d, '/dev/kvm\x00'}}, {@cache_none='cache=none'}, {@cachetag={'cachetag', 0x3d, '[]\']'}}, {@dfltgid={'dfltgid', 0x3d, r11}}], [{@smackfshat={'smackfshat'}}]}}) 00:32:39 executing program 2 (fault-call:10 fault-nth:51): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:39 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r3) recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000280)=""/105, 0x69, 0x400000e1, &(0x7f0000000300)={0x23, 0x2, 0x9, 0x1}, 0x10) splice(r2, 0x0, r3, 0x0, 0x100000002, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f00000000c0)=""/195, &(0x7f0000000240)=0xc3) r4 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x2, 'ip6gretap0\x00', {0x81}, 0x200}) 00:32:39 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r8, 0x28, 0x6, &(0x7f0000000000), 0x10) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:39 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$UI_SET_SWBIT(r6, 0x4004556d, 0x9) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 331.236262] FAULT_INJECTION: forcing a failure. [ 331.236262] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 331.297595] CPU: 1 PID: 17294 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 331.305604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.314959] Call Trace: [ 331.317646] dump_stack+0x1b2/0x283 [ 331.321289] should_fail.cold+0x10a/0x154 [ 331.326056] __alloc_pages_nodemask+0x22b/0x2730 [ 331.330819] ? kmem_cache_alloc+0x124/0x3c0 [ 331.335150] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 331.340348] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 331.344497] ? do_vfs_ioctl+0x75a/0xfe0 [ 331.348480] ? trace_hardirqs_on+0x10/0x10 [ 331.353158] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 331.358013] ? fs_reclaim_acquire+0x10/0x10 [ 331.362881] ? mmu_topup_memory_caches+0x83/0x300 [ 331.367825] alloc_pages_current+0xe7/0x1e0 [ 331.372162] ? kmem_cache_alloc+0x35f/0x3c0 [ 331.376489] __get_free_pages+0xb/0x40 [ 331.380382] mmu_topup_memory_caches+0x187/0x300 [ 331.385143] ? kvm_vcpu_kick+0xef/0x1f0 [ 331.389121] kvm_mmu_load+0x1e/0xc90 [ 331.392837] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 331.398298] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 331.403245] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 331.408182] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 331.413820] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 331.418663] ? lock_acquire+0x170/0x3f0 [ 331.423113] ? lock_downgrade+0x6e0/0x6e0 [ 331.427268] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 331.431421] kvm_vcpu_ioctl+0x3df/0xc70 [ 331.435410] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 331.441315] ? trace_hardirqs_on+0x10/0x10 [ 331.445558] ? __fdget_pos+0xa6/0xc0 [ 331.449275] ? fsnotify+0x897/0x1110 [ 331.452995] ? __vfs_write+0xec/0x630 [ 331.456913] ? proc_tid_io_accounting+0x20/0x20 [ 331.461609] ? SyS_write+0x1b7/0x210 [ 331.466132] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 331.472018] do_vfs_ioctl+0x75a/0xfe0 [ 331.475836] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 331.481476] ? ioctl_preallocate+0x1a0/0x1a0 [ 331.485898] ? security_file_ioctl+0x76/0xb0 [ 331.490309] ? security_file_ioctl+0x83/0xb0 [ 331.494720] SyS_ioctl+0x7f/0xb0 00:32:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x40800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x141001, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0), 0x0, 0x0) close(r3) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x100000002, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(0xffffffffffffffff, r1, 0x0) bind$bt_sco(r3, &(0x7f00000002c0)={0x1f, @none}, 0x8) ioctl$KVM_ASSIGN_PCI_DEVICE(r4, 0x8040ae69, &(0x7f00000001c0)={0x6, 0x80000001, 0x6d8b, 0x4, 0x8}) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000000)={0x4}, 0x4) r7 = semget$private(0x0, 0x2, 0x552) semctl$GETPID(r7, 0x2, 0xb, 0x0) finit_module(0xffffffffffffffff, &(0x7f00000004c0)='\xdd\x01\xad\xf6\xed\x06\x00\x00\x00\x00\x00\x00\x00\xfe\x90wh\xef\x84\xd4\xe0\xfc\x96b\xe4c&k4\x9d\xa0\xa3h\xe3gL\xff\xa0n\xdaV\x9el\xcf\f\xa9\xadGL\x8e\xd7f\f\xfc\xf0c.\'G\x98*\x8eH\x1eu\xc2\xda\x9egm\xa5\x06\x00\x00\x00\x00\x00\x00\x00\x81\xd5b\xfc\x12\xe8\x02\x15\xeeV5v\x17}\x88\xeag\xdaX\xab\xb6k&t\xfe\x17\xef\xfb\x10\x91>\xa1\xefAM\x9e\xb4H\x14\xd7F\f\b\x171\x11\xa6\xae=$\x00\x98\xdcp\x1d\x93\xbdJW\xe8\xa9\xcc\xb9\x83\x9an\xdeR\x19\xf66\xf9\xf71\xa6\x96\r\xc8?qzs\xb4\x80s\a[\x13\xc3\xdd\xfd\xc3\x14B\xbeK*+f\xe3\xa0!0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000140)="3e10d2f6a540fec9e16967b4ddd762cb8cc6db8fe06d9d0ee624179e6abfa541946888b8599df6558390880ff371325acbda1ecd806ec4fb4d1d729ed6b79b90c9f6aa83bd44a241db3e381b0875b8cfd8fde51e4923b827a22d866c73a884b936bc2cbc3cb781e60fd632a1f63477949d85f68f481b", 0x76}, {&(0x7f0000000240)="c20b640f77f71bffff97a593c376a1ea931891e75f7c6d37efabcc96ad8ae66188991c4499c4439d2b9abd94bbd66efc3169ab57785cc3dce6966df946fe793073214abed23e9102a2183b10795856ecfcbbe32defd312051637a634dea520a06676e4c8903ec805cf35ba67de0ce25befab399793dad087d8349d929145633019fa59c9a98a89e38fc3c6bf417ec99ea402138f16df2867f32935028f894c0c06684f14777a51bbce4fe5d157a86af96100997aa40c6b36ae82bc1c3f135e059b857eb82a94a6562e823ea8422491993a0ae0e388af0e4d1cbac8e6", 0xdc}, {&(0x7f0000000340)="c0550722e025aa310fded4b8d251f40d202cf9066efee5bb006d7f27bf066858652f18275e985738e1d49f9da02c2808a5ebff5e35fa07e92ca321ba8e5e1f117daa992a81ebbf244e2315f3995afce123e0", 0x52}], 0x3, 0x0) close(r1) splice(r0, 0x0, r1, 0x0, 0x100000002, 0x0) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000040)=0x3, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) prctl$PR_MCE_KILL(0x21, 0x1, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) 00:32:40 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x4161, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) ioctl$PPPIOCSACTIVE(r7, 0x40107446, &(0x7f0000000100)={0x6, &(0x7f0000000000)=[{0x7, 0x3, 0xba, 0xf0}, {0x2, 0x6, 0x3}, {0xff, 0xe1, 0x1f, 0x8f0}, {0x1, 0x80, 0x7, 0x2}, {0x7, 0xfa, 0x3, 0x4}, {0x7, 0xe, 0x7, 0x87}]}) [ 331.546273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 331.553550] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:40 executing program 2 (fault-call:10 fault-nth:52): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:40 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0xfffffffc, 0x2, r0}) [ 331.740493] FAULT_INJECTION: forcing a failure. [ 331.740493] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 331.772716] CPU: 0 PID: 17384 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 331.780642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.790002] Call Trace: [ 331.792601] dump_stack+0x1b2/0x283 [ 331.796258] should_fail.cold+0x10a/0x154 [ 331.800418] __alloc_pages_nodemask+0x22b/0x2730 [ 331.805180] ? kmem_cache_alloc+0x124/0x3c0 [ 331.809510] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 331.814624] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 331.819387] ? do_vfs_ioctl+0x75a/0xfe0 [ 331.823391] ? trace_hardirqs_on+0x10/0x10 [ 331.827641] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 331.832496] ? fs_reclaim_acquire+0x10/0x10 [ 331.837012] ? mmu_topup_memory_caches+0x83/0x300 [ 331.841842] alloc_pages_current+0xe7/0x1e0 [ 331.847107] ? kmem_cache_alloc+0x35f/0x3c0 [ 331.851670] __get_free_pages+0xb/0x40 [ 331.855855] mmu_topup_memory_caches+0x187/0x300 [ 331.860598] ? kvm_vcpu_kick+0xef/0x1f0 [ 331.864557] kvm_mmu_load+0x1e/0xc90 [ 331.868252] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 331.875166] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 331.880082] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 331.885023] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 331.890481] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 331.895316] ? lock_acquire+0x170/0x3f0 [ 331.899281] ? lock_downgrade+0x6e0/0x6e0 [ 331.903418] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 331.907548] kvm_vcpu_ioctl+0x3df/0xc70 [ 331.911534] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 331.917401] ? trace_hardirqs_on+0x10/0x10 [ 331.921622] ? __fdget_pos+0xa6/0xc0 [ 331.925343] ? fsnotify+0x897/0x1110 [ 331.929037] ? __vfs_write+0xec/0x630 [ 331.932827] ? proc_tid_io_accounting+0x20/0x20 [ 331.937493] ? SyS_write+0x1b7/0x210 [ 331.941193] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 331.947059] do_vfs_ioctl+0x75a/0xfe0 [ 331.950851] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 331.956454] ? ioctl_preallocate+0x1a0/0x1a0 [ 331.960844] ? security_file_ioctl+0x76/0xb0 [ 331.965232] ? security_file_ioctl+0x83/0xb0 [ 331.969620] SyS_ioctl+0x7f/0xb0 [ 331.972985] ? do_vfs_ioctl+0xfe0/0xfe0 [ 331.978163] do_syscall_64+0x1d5/0x640 [ 331.982041] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 331.987207] RIP: 0033:0x45cb29 [ 331.990386] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 331.998072] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 332.005319] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 332.013023] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 332.020410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 332.028039] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 [ 333.864125] NOHZ: local_softirq_pending 08 00:32:42 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:42 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:42 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:42 executing program 2 (fault-call:10 fault-nth:53): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x9008b5b) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = socket$inet6(0xa, 0x80000, 0x0) connect$inet6(r4, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) getpeername$l2tp6(r4, &(0x7f0000000040), &(0x7f00000000c0)=0x20) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) fcntl$addseals(0xffffffffffffffff, 0x409, 0x3) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) getsockopt$netrom_NETROM_T4(r6, 0x103, 0x6, &(0x7f0000000100)=0x100, &(0x7f0000000140)=0x4) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x2000, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9}) r10 = dup3(r8, r3, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x3}) 00:32:42 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x40009) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 334.224365] FAULT_INJECTION: forcing a failure. [ 334.224365] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 334.251754] CPU: 0 PID: 17440 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 334.259977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.269457] Call Trace: [ 334.272073] dump_stack+0x1b2/0x283 [ 334.275819] should_fail.cold+0x10a/0x154 [ 334.279986] __alloc_pages_nodemask+0x22b/0x2730 [ 334.284852] ? kmem_cache_alloc+0x124/0x3c0 [ 334.289396] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 334.296334] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 334.302058] ? do_vfs_ioctl+0x75a/0xfe0 [ 334.306432] ? trace_hardirqs_on+0x10/0x10 [ 334.310684] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 334.315534] ? cache_alloc_refill+0x1e8/0x360 [ 334.320310] ? fs_reclaim_acquire+0x10/0x10 [ 334.324949] ? mmu_topup_memory_caches+0x83/0x300 [ 334.330072] alloc_pages_current+0xe7/0x1e0 [ 334.335555] ? kmem_cache_alloc+0x35f/0x3c0 [ 334.340168] __get_free_pages+0xb/0x40 [ 334.344349] mmu_topup_memory_caches+0x187/0x300 [ 334.350476] ? kvm_vcpu_kick+0xef/0x1f0 [ 334.354727] kvm_mmu_load+0x1e/0xc90 [ 334.359325] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 334.364891] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 334.370060] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 334.375881] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 334.381871] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 334.387075] ? lock_acquire+0x170/0x3f0 [ 334.391065] ? lock_downgrade+0x6e0/0x6e0 [ 334.395429] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 334.399631] kvm_vcpu_ioctl+0x3df/0xc70 [ 334.403717] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 334.409706] ? trace_hardirqs_on+0x10/0x10 [ 334.414035] ? __fdget_pos+0xa6/0xc0 [ 334.418219] ? fsnotify+0x897/0x1110 [ 334.422033] ? __vfs_write+0xec/0x630 [ 334.425940] ? proc_tid_io_accounting+0x20/0x20 [ 334.431715] ? SyS_write+0x1b7/0x210 [ 334.435535] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 334.443169] do_vfs_ioctl+0x75a/0xfe0 [ 334.447101] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 334.452736] ? ioctl_preallocate+0x1a0/0x1a0 [ 334.457164] ? security_file_ioctl+0x76/0xb0 [ 334.461583] ? security_file_ioctl+0x83/0xb0 [ 334.465995] SyS_ioctl+0x7f/0xb0 [ 334.469369] ? do_vfs_ioctl+0xfe0/0xfe0 00:32:43 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) write$char_usb(r7, &(0x7f0000000000)="78a57d5e09449e50b6caadc9005f74634a117aa7d8e3238b4a8ece3fc7a968f871150f5ee797478bd9ea8e6040dec293", 0x30) r8 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 334.473355] do_syscall_64+0x1d5/0x640 [ 334.477259] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 334.482451] RIP: 0033:0x45cb29 [ 334.485639] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 334.493351] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 334.500626] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 334.508032] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 334.515323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 334.522699] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) r7 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x400002, 0x0) flistxattr(r7, &(0x7f0000000200)=""/242, 0xf2) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r8 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:43 executing program 2 (fault-call:10 fault-nth:54): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:43 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x80000) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) [ 334.747925] FAULT_INJECTION: forcing a failure. [ 334.747925] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 334.804507] CPU: 0 PID: 17520 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 334.812432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.821787] Call Trace: [ 334.824386] dump_stack+0x1b2/0x283 [ 334.828026] should_fail.cold+0x10a/0x154 [ 334.832189] __alloc_pages_nodemask+0x22b/0x2730 [ 334.836948] ? kmem_cache_alloc+0x124/0x3c0 [ 334.841277] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 334.846382] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 334.850532] ? do_vfs_ioctl+0x75a/0xfe0 [ 334.854535] ? trace_hardirqs_on+0x10/0x10 [ 334.858788] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 334.863634] ? cache_alloc_refill+0x1e8/0x360 [ 334.868139] ? fs_reclaim_acquire+0x10/0x10 [ 334.872477] ? mmu_topup_memory_caches+0x83/0x300 [ 334.877328] alloc_pages_current+0xe7/0x1e0 [ 334.881658] ? kmem_cache_alloc+0x35f/0x3c0 [ 334.885984] __get_free_pages+0xb/0x40 [ 334.890137] mmu_topup_memory_caches+0x187/0x300 [ 334.895419] ? kvm_vcpu_kick+0xef/0x1f0 [ 334.899402] kvm_mmu_load+0x1e/0xc90 [ 334.903132] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 334.908588] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 334.913535] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 334.918469] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 334.923929] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 334.928772] ? lock_acquire+0x170/0x3f0 [ 334.932758] ? lock_downgrade+0x6e0/0x6e0 [ 334.936915] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 334.941065] kvm_vcpu_ioctl+0x3df/0xc70 [ 334.945054] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 334.950956] ? trace_hardirqs_on+0x10/0x10 [ 334.955277] ? __fdget_pos+0xa6/0xc0 [ 334.958994] ? fsnotify+0x897/0x1110 [ 334.962710] ? __vfs_write+0xec/0x630 [ 334.966537] ? proc_tid_io_accounting+0x20/0x20 [ 334.971201] ? SyS_write+0x1b7/0x210 [ 334.974925] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 334.980810] do_vfs_ioctl+0x75a/0xfe0 [ 334.984611] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 334.990235] ? ioctl_preallocate+0x1a0/0x1a0 [ 334.995177] ? security_file_ioctl+0x76/0xb0 [ 334.999736] ? security_file_ioctl+0x83/0xb0 [ 335.004146] SyS_ioctl+0x7f/0xb0 [ 335.007517] ? do_vfs_ioctl+0xfe0/0xfe0 [ 335.011492] do_syscall_64+0x1d5/0x640 [ 335.015383] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 335.020575] RIP: 0033:0x45cb29 [ 335.023757] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 335.031465] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 335.038744] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 335.046011] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 00:32:43 executing program 1: r0 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x100000002, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r0, 0x8, 0x647, r0}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_SIZE(r6, 0x40087703, 0x80) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) r9 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x20a180, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={r8, 0x8000, 0x2, r9}) [ 335.053284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 335.061508] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:43 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f00000001c0), 0x4) r7 = dup3(r5, r6, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:32:45 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:45 executing program 2 (fault-call:10 fault-nth:55): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:45 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x100000002, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x30, r6, 0x5, 0x0, 0x0, {{}, {}, {0x14, 0x18, {0x0, @bearer=@l2={'eth', 0x3a, 'dummy0\x00'}}}}}, 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r6, 0x8, 0x70bd26, 0x25dfdbfc, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd(0x0) r10 = dup3(r8, r2, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x2, r0}) 00:32:45 executing program 3: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = eventfd(0x0) r3 = dup3(0xffffffffffffffff, r1, 0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000080)={r2, 0x0, 0x2}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000000000000084000000100000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r6, 0xc0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={r7}, 0xc) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x8001, r7}, 0x8) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) ioctl$UI_SET_ABSBIT(r4, 0x40045567, 0x2) 00:32:45 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 337.250497] FAULT_INJECTION: forcing a failure. [ 337.250497] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 337.272236] [ 337.276850] ============================= [ 337.311444] CPU: 0 PID: 17600 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 337.318890] WARNING: suspicious RCU usage [ 337.319510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.333193] Call Trace: [ 337.335795] dump_stack+0x1b2/0x283 [ 337.337128] 4.14.184-syzkaller #0 Not tainted [ 337.340012] should_fail.cold+0x10a/0x154 [ 337.340028] __alloc_pages_nodemask+0x22b/0x2730 [ 337.340041] ? kmem_cache_alloc+0x124/0x3c0 [ 337.358914] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 337.360545] ----------------------------- [ 337.364517] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 337.364526] ? do_vfs_ioctl+0x75a/0xfe0 [ 337.364544] ? trace_hardirqs_on+0x10/0x10 [ 337.364558] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 337.364567] ? cache_alloc_refill+0x1e8/0x360 [ 337.364580] ? fs_reclaim_acquire+0x10/0x10 [ 337.364597] ? mmu_topup_memory_caches+0x83/0x300 [ 337.364612] alloc_pages_current+0xe7/0x1e0 [ 337.379564] net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage! [ 337.381621] ? kmem_cache_alloc+0x35f/0x3c0 [ 337.381637] __get_free_pages+0xb/0x40 [ 337.381649] mmu_topup_memory_caches+0x187/0x300 [ 337.381659] ? kvm_vcpu_kick+0xef/0x1f0 [ 337.381671] kvm_mmu_load+0x1e/0xc90 [ 337.406307] [ 337.406307] other info that might help us debug this: [ 337.406307] [ 337.413855] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 337.413870] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 337.413884] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 337.413897] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 337.413913] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 337.413920] ? lock_acquire+0x170/0x3f0 [ 337.413928] ? lock_downgrade+0x6e0/0x6e0 [ 337.413942] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 337.424527] [ 337.424527] rcu_scheduler_active = 2, debug_locks = 1 [ 337.428213] kvm_vcpu_ioctl+0x3df/0xc70 [ 337.428228] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 337.428242] ? trace_hardirqs_on+0x10/0x10 [ 337.428254] ? __fdget_pos+0xa6/0xc0 [ 337.433107] 2 locks held by syz-executor.1/17615: [ 337.436712] ? fsnotify+0x897/0x1110 [ 337.436720] ? __vfs_write+0xec/0x630 [ 337.436729] ? proc_tid_io_accounting+0x20/0x20 [ 337.436737] ? SyS_write+0x1b7/0x210 [ 337.436750] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 337.436770] do_vfs_ioctl+0x75a/0xfe0 [ 337.436783] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 337.436792] ? ioctl_preallocate+0x1a0/0x1a0 [ 337.436809] ? security_file_ioctl+0x76/0xb0 [ 337.436816] ? security_file_ioctl+0x83/0xb0 00:32:46 executing program 2 (fault-call:10 fault-nth:56): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:46 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = accept4(0xffffffffffffffff, &(0x7f00000000c0)=@ethernet={0x0, @local}, &(0x7f0000000040)=0x80, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x0, &(0x7f0000000140)=0x7, 0x4) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5}) dup3(r4, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x3}) 00:32:46 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000180)="f5b90fbf8569fd74ed7ddb2fea193ce8d7ee2de3", 0x14, 0xfffffffffffffffe) r5 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000001c0)=""/60, &(0x7f0000000240)=0x3c) keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r6 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000180)="f5b90fbf8569fd74ed7ddb2fea193ce8d7ee2de3", 0x14, 0xfffffffffffffffe) r7 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r6, r7, r6}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r8 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000180)="f5b90fbf8569fd74ed7ddb2fea193ce8d7ee2de3", 0x14, 0xfffffffffffffffe) r9 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r8, r9, r8}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r5, r7, r9}, &(0x7f0000000100)=""/11, 0xb, &(0x7f0000000180)={&(0x7f0000000140)={'sha1-generic\x00'}}) r10 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r11 = eventfd(0x0) r12 = dup3(r10, r2, 0x0) ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f0000000080)={r11, 0x0, 0x2, r0}) [ 337.436825] SyS_ioctl+0x7f/0xb0 [ 337.436832] ? do_vfs_ioctl+0xfe0/0xfe0 [ 337.436843] do_syscall_64+0x1d5/0x640 [ 337.436862] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 337.467676] #0: [ 337.471705] RIP: 0033:0x45cb29 [ 337.471711] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 337.471722] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 337.471728] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 337.471733] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 337.471737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 337.471746] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 [ 337.476480] (cb_lock){++++}, at: [] genl_rcv+0x15/0x40 [ 337.652690] #1: (genl_mutex){+.+.}, at: [] genl_rcv_msg+0x112/0x140 [ 337.667032] [ 337.667032] stack backtrace: [ 337.672196] CPU: 1 PID: 17615 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 337.680280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.681924] FAULT_INJECTION: forcing a failure. [ 337.681924] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 337.689639] Call Trace: [ 337.689660] dump_stack+0x1b2/0x283 [ 337.689748] tipc_bearer_find+0x1ff/0x2f0 [ 337.689797] tipc_nl_compat_link_set+0x40b/0xb80 [ 337.718364] tipc_nl_compat_doit+0x18d/0x510 [ 337.723001] ? SyS_sendmsg+0x27/0x40 [ 337.726912] ? tipc_nl_compat_link_stat_dump+0x1b90/0x1b90 [ 337.732994] ? cap_capable+0x1c4/0x230 [ 337.737090] ? security_capable+0x88/0xb0 [ 337.742473] ? ns_capable_common+0x127/0x150 [ 337.748595] tipc_nl_compat_recv+0x95c/0xa10 [ 337.753646] ? debug_check_no_obj_freed+0x27c/0x5fd [ 337.759470] ? tipc_nl_compat_doit+0x510/0x510 [ 337.764071] ? tipc_nl_node_dump+0xc20/0xc20 [ 337.768487] ? __tipc_add_link_prop.isra.0+0x1a0/0x1a0 [ 337.774031] ? lock_acquire+0x170/0x3f0 [ 337.778018] genl_family_rcv_msg+0x57c/0xb30 [ 337.782440] ? lock_is_held_type+0x1f5/0x210 [ 337.787300] ? genl_rcv+0x40/0x40 [ 337.790840] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 337.797073] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 337.802309] ? __dev_queue_xmit+0xd33/0x25a0 [ 337.806924] ? __local_bh_enable_ip+0xc1/0x160 [ 337.811527] genl_rcv_msg+0xaf/0x140 [ 337.815246] netlink_rcv_skb+0x127/0x370 [ 337.819294] ? genl_family_rcv_msg+0xb30/0xb30 [ 337.823892] ? netlink_ack+0x970/0x970 [ 337.828140] ? lock_acquire+0x170/0x3f0 [ 337.832131] genl_rcv+0x24/0x40 [ 337.835401] netlink_unicast+0x437/0x610 [ 337.839448] ? netlink_sendskb+0x50/0x50 [ 337.843526] netlink_sendmsg+0x64a/0xbb0 [ 337.847585] ? nlmsg_notify+0x160/0x160 [ 337.852022] ? move_addr_to_kernel.part.0+0xf0/0xf0 [ 337.857692] ? security_socket_sendmsg+0x83/0xb0 [ 337.862544] ? nlmsg_notify+0x160/0x160 [ 337.867249] sock_sendmsg+0xb5/0x100 [ 337.870970] ___sys_sendmsg+0x70a/0x840 [ 337.876174] ? trace_hardirqs_on+0x10/0x10 [ 337.880562] ? copy_msghdr_from_user+0x380/0x380 [ 337.885879] ? trace_hardirqs_on+0x10/0x10 [ 337.890283] ? lock_acquire+0x170/0x3f0 [ 337.894444] ? lock_downgrade+0x6e0/0x6e0 [ 337.898768] ? __fget+0x226/0x360 [ 337.902256] ? __fget_light+0x199/0x1f0 [ 337.906500] ? sockfd_lookup_light+0xb2/0x160 [ 337.911001] __sys_sendmsg+0xa3/0x120 [ 337.914992] ? SyS_shutdown+0x160/0x160 [ 337.919338] ? SyS_clock_gettime+0xf5/0x180 [ 337.923774] ? SyS_clock_settime+0x1a0/0x1a0 [ 337.929345] SyS_sendmsg+0x27/0x40 [ 337.932896] ? __sys_sendmsg+0x120/0x120 [ 337.936966] do_syscall_64+0x1d5/0x640 [ 337.940960] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 337.946323] RIP: 0033:0x45cb29 [ 337.949790] RSP: 002b:00007fa137ccbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 337.957687] RAX: ffffffffffffffda RBX: 0000000000501a60 RCX: 000000000045cb29 [ 337.965318] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000007 [ 337.973886] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 337.981333] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 337.988875] R13: 0000000000000a10 R14: 00000000004ccf0a R15: 00007fa137ccc6d4 [ 337.996264] CPU: 0 PID: 17655 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 338.004774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.014491] Call Trace: [ 338.017093] dump_stack+0x1b2/0x283 [ 338.021553] should_fail.cold+0x10a/0x154 [ 338.025857] __alloc_pages_nodemask+0x22b/0x2730 [ 338.031158] ? kmem_cache_alloc+0x124/0x3c0 [ 338.037322] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 338.042556] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 338.046814] ? do_vfs_ioctl+0x75a/0xfe0 [ 338.051171] ? trace_hardirqs_on+0x10/0x10 [ 338.055425] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 338.060602] ? fs_reclaim_acquire+0x10/0x10 [ 338.065019] ? mmu_topup_memory_caches+0x83/0x300 [ 338.069876] alloc_pages_current+0xe7/0x1e0 [ 338.074300] ? kmem_cache_alloc+0x35f/0x3c0 [ 338.078730] __get_free_pages+0xb/0x40 [ 338.082631] mmu_topup_memory_caches+0x187/0x300 [ 338.087916] ? kvm_vcpu_kick+0xef/0x1f0 [ 338.093647] kvm_mmu_load+0x1e/0xc90 [ 338.097481] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 338.103538] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 338.108669] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 338.113883] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 338.119895] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 338.124798] ? lock_acquire+0x170/0x3f0 [ 338.128813] ? lock_downgrade+0x6e0/0x6e0 [ 338.134346] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 338.138774] kvm_vcpu_ioctl+0x3df/0xc70 [ 338.144630] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 338.150898] ? trace_hardirqs_on+0x10/0x10 [ 338.155657] ? __fdget_pos+0xa6/0xc0 [ 338.159695] ? fsnotify+0x897/0x1110 [ 338.163662] ? __vfs_write+0xec/0x630 [ 338.167701] ? proc_tid_io_accounting+0x20/0x20 [ 338.172369] ? SyS_write+0x1b7/0x210 [ 338.176740] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 338.183408] do_vfs_ioctl+0x75a/0xfe0 [ 338.187904] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 338.193750] ? ioctl_preallocate+0x1a0/0x1a0 [ 338.198860] ? security_file_ioctl+0x76/0xb0 [ 338.203395] ? security_file_ioctl+0x83/0xb0 [ 338.207886] SyS_ioctl+0x7f/0xb0 [ 338.211347] ? do_vfs_ioctl+0xfe0/0xfe0 [ 338.215867] do_syscall_64+0x1d5/0x640 [ 338.220157] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 338.226373] RIP: 0033:0x45cb29 [ 338.229657] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 338.238167] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 338.245917] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 338.253407] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 338.261314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 00:32:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f00000000c0)={0x7b, 0x0, [0x5, 0x5, 0x10001, 0x80000000]}) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 338.268879] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:46 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:47 executing program 2 (fault-call:10 fault-nth:57): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:47 executing program 1: r0 = eventfd(0x0) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000100)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x19, 0x1, 0xbc}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = eventfd(0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f0000000140), 0xfffffdef) r5 = dup3(r1, r1, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000180)={0x8, 0x8, 0x4, 0x0, 0x89a, 0x81, 0x7, 0x0, 0x49, 0x8, 0x1f, 0x16, 0x0, 0x8000, 0x1f, 0x1, 0x20, 0x4, 0x6, [], 0xa, 0x4}) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r8, 0x118, 0x1, &(0x7f00000001c0), 0x4) ioctl$sock_inet_SIOCGIFPFLAGS(r8, 0x8935, &(0x7f00000001c0)={'veth0_to_bond\x00', 0x8}) [ 338.500980] FAULT_INJECTION: forcing a failure. [ 338.500980] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 338.522944] CPU: 0 PID: 17709 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 338.531171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.541099] Call Trace: [ 338.543808] dump_stack+0x1b2/0x283 [ 338.547461] should_fail.cold+0x10a/0x154 [ 338.551838] __alloc_pages_nodemask+0x22b/0x2730 [ 338.557474] ? kmem_cache_alloc+0x124/0x3c0 [ 338.561891] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 338.567178] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 338.571510] ? do_vfs_ioctl+0x75a/0xfe0 [ 338.575866] ? trace_hardirqs_on+0x10/0x10 [ 338.580251] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 338.585394] ? fs_reclaim_acquire+0x10/0x10 [ 338.589824] ? mmu_topup_memory_caches+0x83/0x300 [ 338.595008] alloc_pages_current+0xe7/0x1e0 [ 338.599795] ? kmem_cache_alloc+0x35f/0x3c0 [ 338.604359] __get_free_pages+0xb/0x40 [ 338.608524] mmu_topup_memory_caches+0x187/0x300 [ 338.613328] ? kvm_vcpu_kick+0xef/0x1f0 [ 338.617346] kvm_mmu_load+0x1e/0xc90 [ 338.621542] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 338.627359] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 338.633054] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 338.638263] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 338.643832] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 338.648953] ? lock_acquire+0x170/0x3f0 [ 338.654599] ? lock_downgrade+0x6e0/0x6e0 [ 338.658771] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 338.663074] kvm_vcpu_ioctl+0x3df/0xc70 [ 338.667590] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 338.673577] ? trace_hardirqs_on+0x10/0x10 [ 338.678052] ? __fdget_pos+0xa6/0xc0 [ 338.682478] ? fsnotify+0x897/0x1110 [ 338.686915] ? __vfs_write+0xec/0x630 [ 338.690819] ? proc_tid_io_accounting+0x20/0x20 [ 338.695877] ? SyS_write+0x1b7/0x210 [ 338.699726] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 338.705626] do_vfs_ioctl+0x75a/0xfe0 [ 338.709949] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 338.715796] ? ioctl_preallocate+0x1a0/0x1a0 [ 338.720557] ? security_file_ioctl+0x76/0xb0 [ 338.725083] ? security_file_ioctl+0x83/0xb0 [ 338.729631] SyS_ioctl+0x7f/0xb0 [ 338.733199] ? do_vfs_ioctl+0xfe0/0xfe0 [ 338.737893] do_syscall_64+0x1d5/0x640 [ 338.742064] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 338.748094] RIP: 0033:0x45cb29 [ 338.751371] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 338.759174] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 338.766947] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 338.775021] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 338.782459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 338.790079] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:48 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:48 executing program 1: r0 = eventfd(0x3) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:48 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7f0fcae9, 0x80002) sendmsg$AUDIT_TTY_SET(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x18, 0x3f9, 0x800, 0x70bd2b, 0x25dfdbff, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x400c000}, 0x2000c010) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r2, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) 00:32:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r8, 0x118, 0x1, &(0x7f00000001c0), 0x4) ioctl$FS_IOC_ENABLE_VERITY(r8, 0x40806685, &(0x7f0000000240)={0x1, 0x2, 0x1000, 0xc7, &(0x7f00000000c0)="bf79170659526af3b9a8ef1ab567a5eb4a34c56c9c8234026ad346ce5552163193839b741963206213ca6065ce9b54f61deff74426e2dbe71d05057332d7cd15fa670ced40d5fc165a4d76f7b71b4b048640eb8269b8a5d906aafe56e1b4ae5805dd83617f00a160c62b227e3aaf936e6803f73a61905575a1a91ef1e2979a5afc59364350bc0adf1dbad3d50f05398f83584946cf760092277221d5f9b47c4319850912520c1d1e4f8318c38b37f6bb95629f2a225cc9940f143e7ed142c53324040c50a2f108", 0x2f, 0x0, &(0x7f0000000040)="85b31494fd25ded793dccb3232c35c8784eb9a950abbea53bab1eedc5885f434ecf823345b85b6d56a1a1580ec7968"}) 00:32:48 executing program 2 (fault-call:10 fault-nth:58): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:48 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) [ 340.374672] FAULT_INJECTION: forcing a failure. [ 340.374672] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 340.399504] CPU: 1 PID: 17778 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 340.410197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.421437] Call Trace: [ 340.424374] dump_stack+0x1b2/0x283 [ 340.428553] should_fail.cold+0x10a/0x154 [ 340.432735] __alloc_pages_nodemask+0x22b/0x2730 [ 340.437499] ? kmem_cache_alloc+0x124/0x3c0 [ 340.442386] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 340.447849] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 340.452845] ? do_vfs_ioctl+0x75a/0xfe0 [ 340.457367] ? trace_hardirqs_on+0x10/0x10 [ 340.461917] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 340.466861] ? fs_reclaim_acquire+0x10/0x10 [ 340.471201] ? mmu_topup_memory_caches+0x83/0x300 [ 340.476071] alloc_pages_current+0xe7/0x1e0 [ 340.480402] ? kmem_cache_alloc+0x35f/0x3c0 [ 340.484736] __get_free_pages+0xb/0x40 [ 340.488653] mmu_topup_memory_caches+0x187/0x300 [ 340.493613] ? kvm_vcpu_kick+0xef/0x1f0 [ 340.497598] kvm_mmu_load+0x1e/0xc90 [ 340.501319] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 340.507400] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 340.512824] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 340.518323] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 340.524489] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 340.529697] ? lock_acquire+0x170/0x3f0 [ 340.534537] ? lock_downgrade+0x6e0/0x6e0 [ 340.539079] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 340.544007] kvm_vcpu_ioctl+0x3df/0xc70 [ 340.547986] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 340.554048] ? trace_hardirqs_on+0x10/0x10 [ 340.558284] ? __fdget_pos+0xa6/0xc0 [ 340.562419] ? fsnotify+0x897/0x1110 [ 340.567351] ? __vfs_write+0xec/0x630 [ 340.571146] ? proc_tid_io_accounting+0x20/0x20 [ 340.575946] ? SyS_write+0x1b7/0x210 [ 340.579648] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 340.585523] do_vfs_ioctl+0x75a/0xfe0 [ 340.589306] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 340.594924] ? ioctl_preallocate+0x1a0/0x1a0 [ 340.599779] ? security_file_ioctl+0x76/0xb0 [ 340.604180] ? security_file_ioctl+0x83/0xb0 [ 340.608600] SyS_ioctl+0x7f/0xb0 [ 340.611948] ? do_vfs_ioctl+0xfe0/0xfe0 [ 340.615908] do_syscall_64+0x1d5/0x640 [ 340.619779] entry_SYSCALL_64_after_hwframe+0x46/0xbb 00:32:49 executing program 5: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x62280, 0x0) ioctl$TCSETX(r0, 0x5433, &(0x7f0000001340)={0x1, 0x8000, [0x7ff, 0xaa, 0x3, 0x6, 0x4], 0x7}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7}) dup3(r6, r4, 0x0) readv(r3, &(0x7f00000013c0)=[{&(0x7f00000000c0)=""/133, 0x85}, {&(0x7f0000000180)=""/29, 0x1d}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/75, 0x4b}, {&(0x7f0000001280)=""/182, 0xb6}, {&(0x7f0000001340)}, {&(0x7f0000001380)=""/37, 0x25}], 0x7) 00:32:49 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = eventfd(0x0) r4 = dup3(0xffffffffffffffff, r2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) getsockopt$TIPC_SRC_DROPPABLE(r5, 0x10f, 0x80, &(0x7f0000000000), &(0x7f0000000100)=0x4) dup2(r2, r1) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x42, r0}) [ 340.624963] RIP: 0033:0x45cb29 [ 340.628139] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.635895] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 340.643148] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 340.650404] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 340.657666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 340.664920] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:49 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x16800, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) r3 = eventfd(0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r5, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r3}) 00:32:49 executing program 2 (fault-call:10 fault-nth:59): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:49 executing program 3: eventfd(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) dup3(r2, r0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x80140, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r4) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000140), 0x0, 0x5) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f0000000380)=[{&(0x7f0000000180)='w', 0x1}, {&(0x7f00000001c0)="a64dac85775c6a2826183cd0df2d82f0ca39ba45e5e10dd02f2b14d1d354f002e73943059256f22d06e8e32d9bf3536c3ba2dd69a6351480f5f45d128c34b6bcda919a8fe3c149eb4bfa222f74d93c190b9bb5325149191967ef79f5186802f54288e83e151b01c0045f8aa5828e936b0611a79ababa1f90a3c2ea17e4075ed7a264115bd0bac9fcfae2df6cb4515ca53f11", 0x92}, {&(0x7f0000000280)="474521e152f71b", 0x7}, {&(0x7f00000002c0)="f0d1167b29dd965861a80b213660d22f5e8073ac44afd7fa16305cb97e908407b3f8e504c9b3d238b19e8863910a3ca2488bbc9466cc756f97dc61c517f1713f70776c348adb7b3d7a06f8e3b19c5eb7412ddd4d91165f220b267e2cc22bd0d489bb6746d2822b085aa8dd13af8834b775cf1c6899433eaad13c27c7aec5b3ec3e24e6434bf10458aeff1a16ffa414afa9d264950353be59e192b3003b1353729816b755a5bb23e2f1b7f4991d842c5ff94b796848a3a0adc1523bb8b83354b8", 0xc0}], 0x4, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0xffffffff, r8}) unshare(0x54030000) 00:32:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f00000001c0), 0x4) write$binfmt_elf64(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="7f454c467fed09070500000000000000020006000000000075000000000000004000000000000000570300000000000007000000030038000200050001804500050000000000000001000080ffffffff09000000000000000100000000000000000000000000000007000000000000004cf90000000000002b6ef8220aa24bd640cea84250d2dddb4f56e16a9f099cbc8c90d33e0c71f6d459807197e07a960e03adbb50336b387c62eac85d450825c35ff97d8454b7518fefded96d193492d6437e697c5c373c3d2b5d182c202911921afe71e43a12792b11c4779915b0ecbdebae4074f52d92ee619b33fb76162718f39d1767ef5123b181b045a3c4fb409c96be76d2a583a11b08be52931f086128c9f63cb1ae7075a2363e666da2b08501a708f505d71d9d27e9dcf5a0ba8945045dca819368e54d983190c83c99e7231955ed2a85aa7770276ee16a4cdf3bf382f17f93ac4cacbb1fa169c83f1880324b02ef1a476069a2739e18ac1e5ac5b5c0034539a67e603cd4938aa018280d7a9c7719e9dea8bc37f99abf1632e564c23779807789ee8ecfa5e8d36eb726d1dff971ff4f3e83d1ff2b5ed5f3fb1963c9fc80af68673cd2601350cac9f4ce4519b78b9125990b401e1dbcc36e1aced0ad540a4c09052ac1b8aaadf3ab473abcb4cd795d45c3b510dff8f66513cbb05767be2d9a40bd2637b8bf6760a0cc95a02557ec90347c7874b0d27ca95cdd8a4bf89cf007ce2d62604e4449e7b1ba0edfc095e2cd09e8010fcd41900fdb2a2b9907bf4dd64e95d9e765ad6b615b96591ff96516cf516b03b7e22853b3b9940ce7e5b7a8dbda8eb45c0f0a43d8ff8a964ddcdafdd2bf34231a8ecc66feb26542fa0b37f7fee99c2858dc7bc04aa5fe85797d73fd39e819cf5e60f9ad5eba946fdee87b9ec9f35d278f327ab67a197a7950e77fa16d9c3513817117693197a323531cd4922adbbd1cc11bd51524b2d6fd3372690bc9b483dcac723c63991c2b01287457710509f1fb384a4a8bb4e579bd1aa7ed22b28e5ad8079c08008f5e4b50d679415d4c9b5234ace5387967fdf34646656a6be9ea73295fb41baa30bde5d4ba64845169148934ca049fb1551776121c223c1b5a832b649f9e7aa16113d2e31f71db9353b144fa7b3adf0607a9f0db1856f36e8e4a43c26bd5c7489f5cd2ac8137ed022e3640bc276963d899577d8f4d837b751fae7f11567718c9966c1e92f776a5d139846ea499bcc40acc6c5515c8fbb340ec04c1bac680c558b6ea6088cb7eda3d7ecc50ff1cf6928a759b537b93f73d68c84e9dd497b7a15c21c6f8b56dd3d9fe351ae8e2cfa113813170b023559f1ec4ac723b26be34baeec1430d9bb2f475ae446f32e4198105c704b244397bc4eb705ae3b2ad3331e50aa1e7cadd7f51216d9a3c7ce9a7ad84db6e46841d30cfea40ad8b1f2334d7440d6c6317571042e61ad3512745897304e673248b2bee71f016760220c952e7c0631f70e547bf712c88245fadec1d494b6d4da84d8f98ecea38d9166755da73314519d2594842d6848dae4b717b7b2b3d27e86cf173d1d9247d37aaafb56dfae50d3576e1c887e97482444c10e0609ac0ff7b507afd538c5873da22867d72db4cd3e6f797ee1d8849898e81dda81f73ec26b44c447f823095aa8eeacf08e2454a464309a73a604aa019425703fae4a2fa795bab5c459147d0abbe693e02709b08113396b3aa2f8d961dad499b94033af50493c0c9861925f2ae975e3f9145132f648198212321f763b464b70a41e0aee85f231b611bc5fff38e09cf50fe5abf16b5721169d7390461151c6aa7e13f0aec69c042604bc9794eafcf572ed4b8c6d79e029f26b49f46e3f62068fe58149d727448982effefad94df167f37b5882549dbcc99f92408d94a37d42b4b133b12ec98430d18a0aead416e772274d12f96d56ee5ce41acd7562a8e91c0de79b90dab3b24ac88feebc305ce066fb1af7eda3c22134e34996f2e20ac251f1d01b852e1547cd7d3b04510f6d7d4d244497ee7bc8c8386f9c5b76f32c3e1cfa6f771451ee39dc198f5bedcc0bfc8c2695971fd6b90e57a3e54bb37180a2f2c0ed7bf34a6d57e88ac7ca6e2cd83216f036115c893abeff4499405f363717ae75e5b88d79da4ffd513b51b5f5f2c03028ca1f9810a09261cd1ceef9efd28a9f1b11fa06e4147262335bf7657c90e8758916616f9f8adaccdde123f3e28931f013b4855be8ddb5047d8a1788ab73ddad2163289f9a7145b1376ad51101b2e1b9368df620d01b82150b629f4f31af7c2f44f7fea7f2059fc5a6428e394c815bf9e68fe44347c489371f92f1ec86ca190b18931617970caab0af34870174b2a2db45bcef9ca4789ca61ddcd865967f9c38c75f774e998fa26d61f1686c99da522454ebf74bc0fa5f875f9cb9edbec696d908413f1575354597f8a20df325f040cd8a2c9f332fce6e15f7892e114aaf32db6aa81b20c088dcc1577ca04ef6c5c05ff1823d401ef47f83373cbc59a9ef15b4af040a0d21de1aea61074ffbb78a28306fc7143f3fb66b583616316c04abb92e7f422bba87f75dedace5f4c0d74775722ec94a10cfe8c6e7554f73831ecbff25e93805b84220f73726bf999db3f1bf5e414f6e07159cb30bd2f3cad459f25fe6c92c39f79c374ca8b27ef2e560837626ad58e8ad6e8e19c5ca62da23244986cee7320c41bd27fe7b925997501bf8d098f0a9dcfd3eeb863d90ae3f604f662a9656ae3f442a51323c485e6a6d0913b250ea0b00a6182dc073f76cdc3c83815c897177e56492bf4733922d121c96a7d2a4c0a3e209c927800e27e75e3e4016573bd8820a32f54103515f9e7c001c0d0134bb762d3946084649fc6bcdafbc6402e4948970a918d73cdf1f92b3af75d7fc001416286bfb6baa2479ccf50bf7b4164ec5f6d6eaf84e1e1f4d71d9b2eca7ae8a0bfb456617dfdfe8b5674481a9196e65b84015d34b8ee80b80a59eb9ba367a750b91b57f92921e587278658f807421d82860d78eb7b7fe7028b1edbaa6e4917b08b3231e0c1e997004a9e47f864908ff4d1ec88838495ae7a6fe56ccbc56399a836c8df52f622c7bf5b9e232c3f995f1fc2939776e84accda875bf3113212f51145cdf0f5fbc764d9ed79d9c1c7532f748e8b2f2aba7e366c685a618cddf8b430965bb2d292be666d68409a8e6afb2fb37e6bb891673d82f42aee8c2e0e2f1ace8b81ebebb91f7112e37f4127fb835d88422c4c6c8e875b83b54c8678a0e9867d08bd53193685e8c7bc98072661cb0f451532b9d9130f392d677b01afc4871906b653a06b9665415986b9324622f830922172c05eee4a1375555a64b5769695fe7e59034c7cb022f483cff4898cfeb198905aee75dad8c8f5fb2642d19a8b4919f3ca01745231024965a1de256600300cd246dbb0559fc4656597acbc6fbcb27b8972f8870ff30a0372a717598ab8c12d29914d01616a9532b9f47a6247347e7316a305f0411807fc1634a19337307e88d4e446b469c5528cc91cd0e1f82abe05031862180b57dbdc990a8ca5244ae627515a7684527a788c06de42591b748a39514d3fa64aca178dd721f28390b89484b280c491ffdce3f7f88a50d2632192fd384c8ecf4896c6d2517914be8e69819dfb5e067e0ea9bf0a98de6171a48b181a8336cf4c5113f2b7a24a5f03153744a2275a82f57bcb7b3a4046baf2163543e8f5f50621e352ead93130562bf5a5dfdd9688ea90c04aa11b1fbec751084d00f3fa161aa42f7d1f64c44be6bd12fe78a887617985553425da6700d0a9a04fa1f0c028a859ae532b1adaaeb23d525517377de6a7b07590ab155d5d42bac032087b49818a772246f1bcb912ed81a564b604818f8f8170291a931bf1df0fdc4ee10abb06c4079d01c59d2b11143571871e8ff18c9be7adbad24ac206d55209bef21cef30ac6da7193ad32a2a0a81f27b934dcde9c427f016a49ee8cb32259586cad951a375bf5863b6d171d14b1826929620896877494e7f022e2cb306f1b7429917f9ad31993d7517274b326ccc6cd43f96853bc7378ad4081da52f796e322f06d02413453c14eddd5eba816eb67673bd8614426295a83fd6a026b8a8f6147c22e89be9a22016a8115eb426e5281d18931626b4f02db468ab87dfc6fbab452c052efb27cc10ea968dab939946f2a2d0e1c362808796a4c2c880753e6328d3e75496908133236097852fe451e7cfb972cb98d638f6654feb3cece3fbe4870dee7ea9cf8203e2b272728034fa1746100d5ab35096b719a762662b35d7cd84f12403a702ea13abdab7bd44f1da5f600acbec1bae3d310ed73c4cf3c8a58d52b670efaaf0d3da0640f813bbd38a5f6956140e9fbd9857df84abef80ee41b34442e4989a39eb8083a0295c9c39b9592b3b9d69eb7170328313b5011e068e8c8840f70e91e4c5e21101a161df3e98b20a26c7b4b951e8a44418f7e4d6e80a54d1d70971f6d3a211aa2b6f11281a3a773660951a1d47a268b0cad5b3aa3c15978ab43532174cf5014240a7204dd13fca10e38acf2c887e1c47db66d1cef24e8c5c28e5b8d7b869a26be98e9cfab1cb6959ceb3c5eb1e7b11f36d02b3a4eeaba3f01db966c6aff0dc25e36e4f0038c9b9f6868597050b49075816d84dd98005a3b795b2fd1adbf9f0656dd27d40d9e81520da095c818ea99a893c86cd1aa2349420931246359c38b45455c9f90606b52733b66d7570397f544a2f5a8b2eacb39a3bb8371ec9a582a0f5e04a491b92037625cc60748926d4d22d3d72731ea20f0b62e92eb9591b1eddda9d4e892c48100f7e03d344dc7aa9ecd328a6404aab71be4890f1a0065dc6a7fda8cfc855a834227a646d29fa5e4beb5f292d9e3edb202c2e79faac13cb793ba526e1fdffdda9e1045ef3ccb853142c8b1649c4c67d4badfc40e95bf33fceba3135b9c48b50610403d0e56ccd191bfe4aabc02ec2b359c27ed6f19c61d5c19b289c7f6167cbd3d4c008b0cf8c7ba01d918e8ef62fc73374fe238cb4932dd759f2efa484e072c7f745877775609b638f94283653f37f3d11e8082e9fec02c1ccfb20c1b6b16b89034d935eab1d6d929e033f91b5dc02ea3d3421341744f33c6107bda1dabf28c3f9ab4912ea6f605c9b475846757ff25f876849d00876733a80ade5fab664f8026f152dd64967974d2db517ea4151d1d662c6eff27d34af54af2ccb3b6214d50adb145d9f905e9fb5a62ca9984fb6975c78645efc0762e5dece8c8885cad7f7354b68cbe3e51e84fdfd4f5b2700038d693121fb6d84b17d35262e2d7828035f3055d4c3f5a3acdce413d3281990ad95a432dc0c41db3f702bc52ab9bce849fc2a902314f00ee3033d7166fe50299e7c625d88f63bc71c827ce25e38afdcc76e91445888f3b83d114a1f3559c073762ffe24202b404f2eca3dcf7922c43104bfe996df9cce1abe6814b53afed366a45d0f792107f9245b0e4ab882728f92eea6bce1c4bab93a228dfb9578e00a7b5bc5cc7a8e5d462dc66850c1091ad5874f6707806172a551971f0ec3bc33b21558988d220228740be6a04ba2827e10f14707f80919336563b6b4049fde87566a0ec76f45934c7b6935e03faa8677f2b3e2b90d8144c5d2862e37b70c0bfefca46ce603973596853c013d61d89a9de45449149de835f54049ff5a6a084fd56ec3d3741d79e6c664fc007384e1bba2f16f39e1b71f974a353b3a8a5b8bef5857fbc46929590a1dc104da5d3ee39747f4435b955e67bc7cc3f41a31af08f9a7fd7559131c8e8541e3e6f80bcc7b54ee1e4bc3d73402f405970e6949c9887a395186e45e82676cd0392fef7f043d52b95f3a317731d082d1d6869ffb2cdc461068bf59221bba04506e4c67fae7ee851c64ebed22bc120206d2a7c82af8e5ea3f6ec8068c79f0889011925458ec0ae37e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ecf3324500"/6520], 0x1978) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7}) r8 = dup3(r6, r4, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x3}) [ 340.820362] FAULT_INJECTION: forcing a failure. [ 340.820362] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 340.833856] CPU: 1 PID: 17841 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 340.841849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.851198] Call Trace: [ 340.853784] dump_stack+0x1b2/0x283 [ 340.857526] should_fail.cold+0x10a/0x154 [ 340.861780] __alloc_pages_nodemask+0x22b/0x2730 [ 340.866798] ? kmem_cache_alloc+0x124/0x3c0 [ 340.871125] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 340.876248] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 340.880660] ? do_vfs_ioctl+0x75a/0xfe0 [ 340.884632] ? trace_hardirqs_on+0x10/0x10 [ 340.888970] ? slab_destroy+0x1f/0x50 [ 340.892755] ? check_preemption_disabled+0x35/0x240 [ 340.897766] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 340.903307] ? fs_reclaim_acquire+0x10/0x10 [ 340.907995] ? mmu_topup_memory_caches+0x83/0x300 [ 340.912847] alloc_pages_current+0xe7/0x1e0 [ 340.917292] ? kmem_cache_alloc+0x35f/0x3c0 [ 340.921622] __get_free_pages+0xb/0x40 [ 340.925506] mmu_topup_memory_caches+0x187/0x300 [ 340.930418] ? kvm_vcpu_kick+0xef/0x1f0 [ 340.934486] kvm_mmu_load+0x1e/0xc90 [ 340.938212] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 340.943943] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 340.949401] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 340.954336] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 340.960048] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 340.965325] ? lock_acquire+0x170/0x3f0 [ 340.969316] ? lock_downgrade+0x6e0/0x6e0 [ 340.973469] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 340.977612] kvm_vcpu_ioctl+0x3df/0xc70 [ 340.981743] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 340.988175] ? trace_hardirqs_on+0x10/0x10 [ 340.994111] ? __fdget_pos+0xa6/0xc0 [ 340.997977] ? fsnotify+0x897/0x1110 [ 341.002090] ? __vfs_write+0xec/0x630 [ 341.006014] ? proc_tid_io_accounting+0x20/0x20 [ 341.011611] ? SyS_write+0x1b7/0x210 [ 341.015341] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 341.021592] do_vfs_ioctl+0x75a/0xfe0 [ 341.025656] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 341.032456] ? ioctl_preallocate+0x1a0/0x1a0 [ 341.037401] ? security_file_ioctl+0x76/0xb0 [ 341.041846] ? security_file_ioctl+0x83/0xb0 [ 341.047055] SyS_ioctl+0x7f/0xb0 [ 341.050431] ? do_vfs_ioctl+0xfe0/0xfe0 [ 341.054756] do_syscall_64+0x1d5/0x640 [ 341.059561] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 341.065836] RIP: 0033:0x45cb29 [ 341.069909] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 341.078247] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 341.085984] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 341.093711] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 341.101064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 341.109385] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:51 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:51 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:51 executing program 2 (fault-call:10 fault-nth:60): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) prctl$PR_SVE_GET_VL(0x33, 0x14971) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) 00:32:51 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x721000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$pptp(0x18, 0x1, 0x2) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000000000)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) r7 = dup3(r5, r2, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x2, r0}) preadv(r1, &(0x7f0000002480)=[{&(0x7f0000000100)=""/186, 0xba}, {&(0x7f00000001c0)=""/167, 0xa7}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/195, 0xc3}, {&(0x7f0000002380)=""/227, 0xe3}], 0x6, 0x4) 00:32:51 executing program 1: r0 = eventfd(0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x200, 0x0) r2 = eventfd(0x3) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f00000001c0)={0x2, r2}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x4000, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r6, 0x8982, &(0x7f0000000100)) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x119000, 0x0) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r4, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x27) [ 343.326007] FAULT_INJECTION: forcing a failure. [ 343.326007] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 343.350478] CPU: 0 PID: 17925 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 343.358632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.370265] Call Trace: [ 343.372873] dump_stack+0x1b2/0x283 [ 343.376939] should_fail.cold+0x10a/0x154 [ 343.381837] __alloc_pages_nodemask+0x22b/0x2730 [ 343.388646] ? kmem_cache_alloc+0x124/0x3c0 [ 343.393199] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 343.399224] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 343.403838] ? do_vfs_ioctl+0x75a/0xfe0 [ 343.408434] ? trace_hardirqs_on+0x10/0x10 [ 343.413066] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 343.418006] ? cache_alloc_refill+0x1e8/0x360 [ 343.422608] ? fs_reclaim_acquire+0x10/0x10 [ 343.426955] ? mmu_topup_memory_caches+0x83/0x300 [ 343.433385] alloc_pages_current+0xe7/0x1e0 [ 343.438392] ? kmem_cache_alloc+0x35f/0x3c0 [ 343.444352] __get_free_pages+0xb/0x40 [ 343.448804] mmu_topup_memory_caches+0x187/0x300 [ 343.454327] ? kvm_vcpu_kick+0xef/0x1f0 [ 343.458577] kvm_mmu_load+0x1e/0xc90 [ 343.462411] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 343.468266] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 343.474078] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 343.479135] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 343.484961] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 343.489991] ? lock_acquire+0x170/0x3f0 [ 343.495657] ? lock_downgrade+0x6e0/0x6e0 [ 343.501163] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 343.505536] kvm_vcpu_ioctl+0x3df/0xc70 [ 343.510860] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 343.517947] ? trace_hardirqs_on+0x10/0x10 [ 343.523956] ? __fdget_pos+0xa6/0xc0 [ 343.528513] ? fsnotify+0x897/0x1110 [ 343.532593] ? __vfs_write+0xec/0x630 [ 343.536588] ? proc_tid_io_accounting+0x20/0x20 [ 343.541558] ? SyS_write+0x1b7/0x210 [ 343.545462] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 343.551942] do_vfs_ioctl+0x75a/0xfe0 [ 343.555941] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 343.561748] ? ioctl_preallocate+0x1a0/0x1a0 [ 343.566200] ? security_file_ioctl+0x76/0xb0 [ 343.571439] ? security_file_ioctl+0x83/0xb0 00:32:52 executing program 1: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ptrace$getregset(0x4204, 0xffffffffffffffff, 0x202, &(0x7f0000000300)={&(0x7f0000000200)=""/232, 0xe8}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={&(0x7f0000000000)=[0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0], 0x2, 0x3, 0x3, 0x2}) r7 = eventfd(0x0) r8 = dup3(r4, r2, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) [ 343.577074] SyS_ioctl+0x7f/0xb0 [ 343.580446] ? do_vfs_ioctl+0xfe0/0xfe0 [ 343.584533] do_syscall_64+0x1d5/0x640 [ 343.589125] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 343.594729] RIP: 0033:0x45cb29 [ 343.598016] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.606968] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 343.614434] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 00:32:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6}) r7 = dup3(r5, r3, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r6, 0x0, 0x3}) [ 343.622320] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 343.630503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 343.638417] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:52 executing program 3: r0 = eventfd(0x100008c0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x4082, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x2, 0x800) vmsplice(r1, &(0x7f00000002c0)=[{&(0x7f00000001c0)="5218c04f34e7459a9559454acd08f0d73f6ce340bb9bd0bc0bf181a6fbc402479c78d7c2bc56e4675615135e0519b5b85046d6fc83ce48ee5126344e1e49b02fabb5f6a591840259d8405efc460b098cf7a25c75aed20589ba2277c03a852bc22282e9f199cf59fe6d663cdae97857a5587a8f712a99d2007a1e86fcd73a5fb5c20fa40e0b5ce211374611c7c048762bb328c317054791bfa53ce24a2b8dab07cb0dbe0ea7ef70e14d414fc73263772916fbc3e9c72bdd36e0c02e08933398328de25469851c528bbf5f8a82a962f39cc72242ac480896f5cf2069d1fd88d76ba13a318c9986d821ba9846a9be3bdbc24fc64d11733a", 0xf6}], 0x1, 0x3) close(r3) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x9, 0x2) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r7, 0x4c09, 0x7) r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r9 = eventfd(0x0) r10 = dup3(r8, r4, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x2, r0}) 00:32:52 executing program 1: eventfd(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x6b9101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x100000002, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x4) dup3(r3, r1, 0x0) r7 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvme-fabrics\x00', 0x139403, 0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000080)={r4, 0x1, 0x7f, r7}) r8 = shmget(0x3, 0x3000, 0x40, &(0x7f0000ffc000/0x3000)=nil) shmctl$IPC_RMID(r8, 0x0) 00:32:52 executing program 2 (fault-call:10 fault-nth:61): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 343.841053] FAULT_INJECTION: forcing a failure. [ 343.841053] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 343.856641] CPU: 0 PID: 18009 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 343.865715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.875943] Call Trace: [ 343.878719] dump_stack+0x1b2/0x283 [ 343.882452] should_fail.cold+0x10a/0x154 [ 343.886712] __alloc_pages_nodemask+0x22b/0x2730 [ 343.891584] ? kmem_cache_alloc+0x124/0x3c0 [ 343.896412] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 343.902173] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 343.906675] ? do_vfs_ioctl+0x75a/0xfe0 [ 343.911467] ? trace_hardirqs_on+0x10/0x10 [ 343.916264] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 343.921720] ? cache_alloc_refill+0x1e8/0x360 [ 343.926794] ? fs_reclaim_acquire+0x10/0x10 [ 343.931851] ? mmu_topup_memory_caches+0x83/0x300 [ 343.937492] alloc_pages_current+0xe7/0x1e0 [ 343.942758] ? kmem_cache_alloc+0x35f/0x3c0 [ 343.948015] __get_free_pages+0xb/0x40 [ 343.952089] mmu_topup_memory_caches+0x187/0x300 [ 343.957030] ? kvm_vcpu_kick+0xef/0x1f0 [ 343.961112] kvm_mmu_load+0x1e/0xc90 [ 343.964954] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 343.970618] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 343.976016] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 343.982749] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 343.988579] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 343.993637] ? lock_acquire+0x170/0x3f0 [ 343.997711] ? lock_downgrade+0x6e0/0x6e0 [ 344.001874] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 344.006034] kvm_vcpu_ioctl+0x3df/0xc70 [ 344.010022] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 344.015920] ? trace_hardirqs_on+0x10/0x10 [ 344.020599] ? __fdget_pos+0xa6/0xc0 [ 344.024332] ? fsnotify+0x897/0x1110 [ 344.028049] ? __vfs_write+0xec/0x630 [ 344.031855] ? proc_tid_io_accounting+0x20/0x20 [ 344.036533] ? SyS_write+0x1b7/0x210 00:32:52 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x24000, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140)=0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = creat(&(0x7f0000000140)='./bus\x00', 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r6, 0xee01, r7) r8 = geteuid() write$P9_RSTATu(r3, &(0x7f0000000180)={0x61, 0x7d, 0x1, {{0x0, 0x4c, 0xfe01, 0x7fff, {0x31, 0x3, 0x1}, 0x24200000, 0x9, 0x9, 0xffffffff, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x5, '-\':\'#', 0x2, '+\x00'}, 0x0, '', r4, r7, r8}}, 0x61) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r10 = eventfd(0x0) r11 = dup3(r9, r2, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r10, 0x0, 0x2, r0}) [ 344.040257] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 344.048724] do_vfs_ioctl+0x75a/0xfe0 [ 344.052814] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 344.058507] ? ioctl_preallocate+0x1a0/0x1a0 [ 344.063818] ? security_file_ioctl+0x76/0xb0 [ 344.068596] ? security_file_ioctl+0x83/0xb0 [ 344.073332] SyS_ioctl+0x7f/0xb0 [ 344.077150] ? do_vfs_ioctl+0xfe0/0xfe0 [ 344.081239] do_syscall_64+0x1d5/0x640 [ 344.085513] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 344.091156] RIP: 0033:0x45cb29 [ 344.094618] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 344.102512] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 344.110143] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 344.118053] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 344.125683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 344.134579] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 00:32:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c05", 0x8}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 00:32:54 executing program 1: r0 = eventfd(0xfff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x500800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) r6 = dup3(r4, r2, 0x0) pkey_alloc(0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r8) dup(r7) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={r8, r8}) splice(r7, 0x0, r8, 0x0, 0x100000002, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'ip6gretap0\x00', 0x1000}) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r5, 0x0, 0x2, r0}) 00:32:54 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @broadcast, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10004, 0x0) 00:32:54 executing program 5: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r1) splice(r0, 0x0, r1, 0x0, 0x100000002, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={r3, @in6={{0xa, 0x4e20, 0x0, @mcast1}}, 0x0, 0x0, 0x4}, 0x9c) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={r3, 0x8}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000240)={r4, 0xbd, "2773e961479821233258090b48115755bfa79f88e472c6a0a9a7ef79ba73db4345039c6bcf0d0e523bc4cf993059ac86e1327c0c7474da63b106af35a31eb76b6b89b7a8502326b2ef581a7e4c83084acb5f59d666bead732b39e691a148b77ff10b6d32fe15c0c5b2c58758e84e9a7f6595ef9b082535fa60c52c484a27ba317f663c843fd0de350e1222b0e2f17bdc579e6e1f266e36324cb1bf14b3f44c8e1f9d222e7b08fd53a08d60b5b6c1684e665c5d742117babad4b4907db0"}, &(0x7f0000000140)=0xc5) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x2b546, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd(0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r10}) r11 = dup3(r9, r7, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000080)={r10, 0x0, 0x3}) 00:32:54 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = eventfd(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) r6 = socket(0x2b, 0x4, 0x1e0000) sendmsg$IPSET_CMD_GET_BYINDEX(r6, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0xf, 0x6, 0x801, 0x0, 0x0, {0xc, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x880}, 0x4802) ioctl$TCSETSW2(r5, 0x402c542c, &(0x7f0000000000)={0xfff, 0x1ff, 0xfffffff7, 0x14ae, 0x9, "3fa898099abd6c760059777b6faccac5922932", 0x326e, 0x401}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r0}) 00:32:54 executing program 2 (fault-call:10 fault-nth:62): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:32:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r7) splice(r6, 0x0, r7, 0x0, 0x100000002, 0x0) ioctl$RTC_PLL_GET(r6, 0x80207011, &(0x7f0000000040)) r8 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r8}) r9 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) fallocate(r9, 0x46, 0xe6a, 0x5) r10 = dup3(r5, r3, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x3}) [ 346.388652] FAULT_INJECTION: forcing a failure. [ 346.388652] name fail_page_alloc, interval 1, probability 0, space 0, times 0 00:32:55 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x880, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x100000002, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm-control\x00', 0x30900, 0x0) pipe(&(0x7f0000000280)) vmsplice(r3, &(0x7f00000003c0), 0x2, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = eventfd(0x0) r8 = semget$private(0x0, 0x2, 0x552) semctl$GETPID(r8, 0x2, 0xb, 0x0) semctl$GETZCNT(r8, 0x3, 0xf, &(0x7f0000000100)=""/207) r9 = dup3(r6, r2, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r7, 0x0, 0x2, r0}) [ 346.438945] CPU: 0 PID: 18079 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 346.447068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 346.457614] Call Trace: [ 346.460398] dump_stack+0x1b2/0x283 [ 346.465267] should_fail.cold+0x10a/0x154 [ 346.469609] __alloc_pages_nodemask+0x22b/0x2730 [ 346.475285] ? kmem_cache_alloc+0x124/0x3c0 [ 346.480652] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 346.490573] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 346.495295] ? do_vfs_ioctl+0x75a/0xfe0 [ 346.499459] ? trace_hardirqs_on+0x10/0x10 [ 346.503723] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 346.508681] ? fs_reclaim_acquire+0x10/0x10 [ 346.513484] ? validate_scan_freqs+0xd0/0x2d0 [ 346.518109] ? mmu_topup_memory_caches+0x83/0x300 [ 346.523526] alloc_pages_current+0xe7/0x1e0 [ 346.528392] ? kmem_cache_alloc+0x35f/0x3c0 [ 346.532899] __get_free_pages+0xb/0x40 [ 346.536802] mmu_topup_memory_caches+0x187/0x300 [ 346.542838] ? kvm_vcpu_kick+0xef/0x1f0 [ 346.548549] kvm_mmu_load+0x1e/0xc90 [ 346.552971] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 346.559541] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 346.565445] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 346.571334] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 346.578333] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 346.584588] ? lock_acquire+0x170/0x3f0 00:32:55 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x26c4f7cd5e1b78c0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(0xffffffffffffffff) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) getsockname$l2tp(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @remote}, &(0x7f00000002c0)=0x10) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000002, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={r3, @in6={{0xa, 0x4e20, 0x0, @mcast1}}, 0x0, 0x0, 0x4}, 0x9c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000000)={r3, 0xe8b2}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000240)=@assoc_id=r4, 0x4) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd(0x0) r9 = dup3(r7, r5, 0x0) ioctl$sock_x25_SIOCADDRT(r9, 0x890b, &(0x7f0000000100)={@remote={[], 0x3}, 0x6, 'bridge0\x00'}) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r8, 0x0, 0x2, r0}) [ 346.589043] ? lock_downgrade+0x6e0/0x6e0 [ 346.593290] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 346.597465] kvm_vcpu_ioctl+0x3df/0xc70 [ 346.601838] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 346.608167] ? trace_hardirqs_on+0x10/0x10 [ 346.613215] ? __fdget_pos+0xa6/0xc0 [ 346.619544] ? fsnotify+0x897/0x1110 [ 346.623509] ? __vfs_write+0xec/0x630 [ 346.627312] ? proc_tid_io_accounting+0x20/0x20 [ 346.631982] ? SyS_write+0x1b7/0x210 [ 346.635898] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 346.641787] do_vfs_ioctl+0x75a/0xfe0 [ 346.645599] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 346.651235] ? ioctl_preallocate+0x1a0/0x1a0 [ 346.655750] ? security_file_ioctl+0x76/0xb0 [ 346.660251] ? security_file_ioctl+0x83/0xb0 [ 346.664668] SyS_ioctl+0x7f/0xb0 [ 346.668038] ? do_vfs_ioctl+0xfe0/0xfe0 [ 346.672025] do_syscall_64+0x1d5/0x640 [ 346.675929] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 346.681123] RIP: 0033:0x45cb29 [ 346.684311] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 346.692023] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 346.699383] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 346.706672] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 346.714469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 346.721741] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4 [ 346.723816] audit: type=1800 audit(1593736375.364:16): pid=18147 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name=8001 dev="sda1" ino=16862 res=0 00:32:55 executing program 3: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x400843, 0x0) chdir(&(0x7f0000000000)='./file0\x00') r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) r5 = dup3(r1, r3, 0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r4, 0x0, 0x2, r0}) 00:32:55 executing program 1: r0 = eventfd(0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_GATEWAYS(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x1c, r2, 0x711, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c00050e", @ANYRES16=r2, @ANYBLOB="04002abd7000fedbdf25050000000500300000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x884}, 0x4040005) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = eventfd(0x0) r10 = dup3(0xffffffffffffffff, r7, 0x0) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000080)={r9, 0x0, 0x2, r0}) r11 = socket$inet_udplite(0x2, 0x2, 0x88) r12 = creat(&(0x7f0000000140)='./bus\x00', 0x0) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r12, 0xee01, r13) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000a40)=[{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000008c0)=[{&(0x7f0000000300)="ce55799026a6035fc5197dd06027d1b210c01b2607cf4b8b8a1cd735a1f3f770d5727e901b9d2314d19c87077d54948de690b54485d7fcddccd24f0e4d5b5518dd3a22d132b0d98086d90155ae802d451626f0deea6469727a0144a9195f1a05c5e9834938e302e58b2eac3c3866945bb292d454a78ff2911648db1b3746cff970e0772a00d49b816dc500bb8c32f023265e904dd780b77f923fd8370644e9b1a46dea6fd3490fc79f047a25f14797b614f5d9c9653d281a4313c92053e158", 0xbf}, {&(0x7f00000003c0)="d5b3b78d7a5ad1d891b2af510d05701e692ffd1a16f610d52592be6554fc28653f788b1cc3fe766b928c018b7901e5dc97b3a0c35a3a7773aaea0c6de9ec2636b7820a4b3e9daf0348c2e6bdec59471f16e738cc6c86b3bb545b3ef9f1b6b4dfceb19cd44a3c18f075bd0b091917bfeb138b550c2d73fd5a8fe1c3b4d2c07cd486eda564", 0x84}, {&(0x7f0000000480)="15682459f2ccb17027641a9297a9492501157dbef1ef9cd1f6e49bd17dce51156027f99397c24cc50031b4b1aee26c5d4001da39446ae266fff0e424d95b399e101c4efa8cbf6d82d1b3aede399b6ab9cbe6a8ee744daada8f29c581752b1e5d71c7eebff20392aad96991bce27f111c94396bdfaef013726999745b70f47bba7d9190ecd3f97461b0ec3cd264e88b89bd7efff04962d717585651", 0x9b}, {&(0x7f0000000540)="e37b320192a77d1941d977ca6fc18b0e75df316f65f6af2cd2953c686b51259c871181cab2084d58c65f9a5cd50034365794330dac9e2239e4b7d4fac744e923fdf23b6be90c69de44f66b7c9cd528c884b2fe1f0f8a0c170f0f5189eac571b452603af01daac5a3922e43cb12c4e0f52ded1c41afe6f9b19b07eab78bc196f66e62a3d275a590a3ff5cec1dec6a1c08586ded95c8ed8a0897bf43914d51d5c3b409e4477e2ecdd150721c4376bc21b6280cee1f69a94fa49d", 0xb9}, {&(0x7f0000000600)="e55fb8b92144ba2094281bba64d1ca6d142aeae7a51fa11ae04ddaf8c97c2e23a274bec80a3fc8d171d2730aa3a546be40044e020ac39699c8d7bccc6a55d9dbec116de656518a780b32e16d8835a8a62dd160ea4b22546a08d7902ebdaec3e79eb8d053ad795a5760ad8d6640c86e06cda8793fe09bdba21d9361b6cb4a344e14627b8f073025e5bcfeab27aa032004f7e15adf33d317ce294f606606a935e407b899", 0xa3}, {&(0x7f00000006c0)="448b209a030dfdeba7042aad20ab2bc60a25fd8b94b2cac9e5c6d55e027da53136df276cd253f9ba1ed1f0582e1ca92ab7fe116e974657df2b9db9c0b5582149e3aba1d206a2c782d2cfe6597e48c00e98c60a32018d4e25f809e9da0241513e7412795b760115c50dbf367d0801df235938df8618b78c5bb5663f91f83cfc06469bae780f27bdc9ade2d450562b254a41a20ab53c5571a2962ae2195f88a11adfe4935597294e3c0988ba26acd79f213832677f808b47185f6d27a2fc7e47bce9422afadb23d9971854a38037e26f42b3c5360f9da1d8aa61e3623e9cf4f95d2c6c8ff08dd5177c377020784b0619c5", 0xf0}, {&(0x7f00000007c0)="0560823f025972ac629b3e5b66d5aa75a768a1407e74a4a592c70e05715faa81d0c7d6a33a5412554f4aa7bdad91bc2e4ae45b116425bbc70a945a12d83ee27d4aa6b70bceb4e515d97b2b0ee595a10a7b4cdb3cc35cc773e1893a0b1f68f235aee916b2180cbd95570dd1a8fbffb671d0d593bb92f10acecad0302e6e7f24f8730d1209007d9881cc74776482f5cfdd6f2918147878a1d15b9951a9e99b0f883980a7e6015afa34aa130b340991bfd1d7878dc78de60de604cf88948f3a498de2fa34d2f3dfefe772e0cd1c5a42cd5b823ae55c1286", 0xd6}, {&(0x7f0000000200)="89a19de9d7ca9004f3a49f08babac9624841", 0x12}], 0x8, &(0x7f0000000a00)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r13}}}], 0x40, 0x20040090}], 0x1, 0x81) 00:32:55 executing program 2 (fault-call:10 fault-nth:63): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) dup3(r3, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x73ec7}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 346.927265] FAULT_INJECTION: forcing a failure. [ 346.927265] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 346.972287] CPU: 1 PID: 18175 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 346.980218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 346.989578] Call Trace: [ 346.992186] dump_stack+0x1b2/0x283 [ 346.995832] should_fail.cold+0x10a/0x154 [ 346.999994] __alloc_pages_nodemask+0x22b/0x2730 [ 347.004760] ? kmem_cache_alloc+0x124/0x3c0 [ 347.009971] ? kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 347.015170] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 347.019676] ? do_vfs_ioctl+0x75a/0xfe0 [ 347.023752] ? trace_hardirqs_on+0x10/0x10 [ 347.028021] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 347.032882] ? fs_reclaim_acquire+0x10/0x10 [ 347.037323] ? mmu_topup_memory_caches+0x83/0x300 [ 347.045313] alloc_pages_current+0xe7/0x1e0 [ 347.049637] ? kmem_cache_alloc+0x35f/0x3c0 [ 347.054105] __get_free_pages+0xb/0x40 [ 347.058161] mmu_topup_memory_caches+0x187/0x300 [ 347.063344] ? kvm_vcpu_kick+0xef/0x1f0 [ 347.067541] kvm_mmu_load+0x1e/0xc90 [ 347.071947] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 347.078054] ? kvm_apic_accept_pic_intr+0xce/0x160 [ 347.083936] kvm_arch_vcpu_ioctl_run+0x371f/0x58f0 [ 347.088877] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 347.094665] ? kvm_arch_vcpu_runnable+0x520/0x520 [ 347.099498] ? lock_acquire+0x170/0x3f0 [ 347.103486] ? lock_downgrade+0x6e0/0x6e0 [ 347.107814] ? kvm_vcpu_ioctl+0x3df/0xc70 [ 347.112253] kvm_vcpu_ioctl+0x3df/0xc70 [ 347.116326] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 347.123256] ? trace_hardirqs_on+0x10/0x10 [ 347.127756] ? __fdget_pos+0xa6/0xc0 [ 347.131474] ? fsnotify+0x897/0x1110 [ 347.136814] ? __vfs_write+0xec/0x630 [ 347.140859] ? proc_tid_io_accounting+0x20/0x20 [ 347.145588] ? SyS_write+0x1b7/0x210 [ 347.149403] ? kvm_vm_ioctl_check_extension_generic+0xb0/0xb0 [ 347.155477] do_vfs_ioctl+0x75a/0xfe0 [ 347.159268] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 347.165227] ? ioctl_preallocate+0x1a0/0x1a0 [ 347.169988] ? security_file_ioctl+0x76/0xb0 [ 347.174501] ? security_file_ioctl+0x83/0xb0 [ 347.179411] SyS_ioctl+0x7f/0xb0 [ 347.184060] ? do_vfs_ioctl+0xfe0/0xfe0 [ 347.188060] do_syscall_64+0x1d5/0x640 [ 347.192504] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 347.198079] RIP: 0033:0x45cb29 [ 347.201404] RSP: 002b:00007fd83c174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 347.209764] RAX: ffffffffffffffda RBX: 00000000004e8ae0 RCX: 000000000045cb29 [ 347.217562] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 347.225499] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 347.233285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 347.241362] R13: 00000000000003d2 R14: 00000000004c68e0 R15: 00007fd83c1756d4