{0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x560) [ 582.584557][ T26] audit: type=1800 audit(1587930470.094:484): pid=24326 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=277 res=0 19:47:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1b00) [ 582.825955][ T26] audit: type=1800 audit(1587930470.424:485): pid=24374 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=278 res=0 19:47:50 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 582.901254][T24374] attempt to access beyond end of device [ 582.913447][ T26] audit: type=1804 audit(1587930470.474:486): pid=24383 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/435/file0/file0" dev="loop3" ino=278 res=1 19:47:50 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x561) [ 582.951487][T24374] loop3: rw=2049, want=130, limit=127 19:47:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xe8, r4, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 582.976819][T24374] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 583.027545][T24374] attempt to access beyond end of device [ 583.043994][T24374] loop3: rw=2049, want=131, limit=127 [ 583.060578][T24374] Buffer I/O error on dev loop3, logical block 130, lost async page write 19:47:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1e01) [ 583.133096][T24374] attempt to access beyond end of device 19:47:50 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x570) [ 583.187483][T24374] loop3: rw=2049, want=132, limit=127 [ 583.222087][T24374] attempt to access beyond end of device [ 583.264162][T24374] loop3: rw=2049, want=133, limit=127 [ 583.291216][T24374] attempt to access beyond end of device [ 583.338148][T24374] loop3: rw=2049, want=142, limit=127 [ 583.375678][T24374] attempt to access beyond end of device [ 583.406446][T24374] loop3: rw=2049, want=143, limit=127 19:47:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2000) [ 583.448085][T24374] attempt to access beyond end of device [ 583.478984][T24374] loop3: rw=2049, want=144, limit=127 [ 583.522380][T24374] attempt to access beyond end of device [ 583.568068][T24374] loop3: rw=2049, want=145, limit=127 [ 583.605994][T24374] attempt to access beyond end of device [ 583.661951][T24374] loop3: rw=2049, want=146, limit=127 [ 583.692170][ T26] audit: type=1804 audit(1587930471.294:487): pid=24383 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/435/file0/file0" dev="loop3" ino=278 res=1 19:47:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x571) 19:47:51 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0xe9) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:47:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2201) 19:47:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 583.824359][ T26] audit: type=1800 audit(1587930471.294:488): pid=24383 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=278 res=0 [ 583.933336][ T26] audit: type=1800 audit(1587930471.294:489): pid=24443 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=278 res=0 19:47:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xe8, r4, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x572) [ 584.018041][T24472] attempt to access beyond end of device [ 584.023844][T24472] loop3: rw=2049, want=130, limit=127 [ 584.029972][T24472] attempt to access beyond end of device [ 584.035912][T24472] loop3: rw=2049, want=131, limit=127 [ 584.043132][T24472] attempt to access beyond end of device [ 584.049844][T24472] loop3: rw=2049, want=132, limit=127 [ 584.055880][T24472] attempt to access beyond end of device [ 584.062712][T24472] loop3: rw=2049, want=133, limit=127 [ 584.069858][T24472] attempt to access beyond end of device [ 584.075705][T24472] loop3: rw=2049, want=142, limit=127 [ 584.082110][T24472] attempt to access beyond end of device [ 584.088010][T24472] loop3: rw=2049, want=143, limit=127 [ 584.094153][T24472] attempt to access beyond end of device [ 584.100296][T24472] loop3: rw=2049, want=144, limit=127 [ 584.105828][T24472] attempt to access beyond end of device [ 584.111642][ T26] audit: type=1800 audit(1587930471.584:490): pid=24472 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=279 res=0 [ 584.114509][T24472] loop3: rw=2049, want=145, limit=127 [ 584.137500][T24472] attempt to access beyond end of device [ 584.149098][T24472] loop3: rw=2049, want=147, limit=127 19:47:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2a00) 19:47:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:51 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r4) ioctl$CAPI_GET_MANUFACTURER(r4, 0xc0044306, &(0x7f0000000000)=0x7dd6) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:47:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2c00) 19:47:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x580) 19:47:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:52 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r1) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000140)={&(0x7f0000000080)=[0x104, 0x1fd, 0x80000], 0x3, 0x9, 0x1, 0xffffffff, 0xfff, 0x3, 0x200, {0xfffffe01, 0x1, 0x40, 0x0, 0x81, 0x3f, 0x3, 0x5, 0x0, 0x6, 0x1f, 0x2, 0x9, 0xffffffff, "1a871772f9ff6e2a8d61647b842dd0b48e14dece4072588a8c00"}}) fchdir(r0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000000)={0x0, 0x2, 0x4, 0x7, 0x13, 0x1f}) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x7fffffa7) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r4) ioctl$TIOCMBIC(r4, 0x5417, &(0x7f00000000c0)=0x1) 19:47:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x587) 19:47:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3008) 19:47:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0xe8, r4, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd0, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3400) 19:47:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x600) 19:47:52 executing program 3: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x100000000000, 0x0, &(0x7f0000000240), 0x1004, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x80) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0xd0001, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp1\x00', 0x10000, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r3) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@multicast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@private0}}, &(0x7f0000000140)=0xe8) ioctl$SIOCAX25GETUID(r3, 0x89e0, &(0x7f0000000180)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, r4}) 19:47:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0xe8, r4, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 585.550337][T24614] kvm_set_msr_common: 413 callbacks suppressed [ 585.550365][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 585.571375][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 585.582265][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 585.605451][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 585.615937][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 585.626580][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 585.637022][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop 19:47:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3a00) 19:47:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6e0) [ 585.647492][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 585.662272][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 585.673105][T24614] kvm [24610]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop 19:47:53 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x8100, 0x46) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f00000000c0)={{{@in6=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@empty}}, &(0x7f0000000300)=0xe8) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r7, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r7) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340)='nl80211\x00') sendmsg$NL80211_CMD_REQ_SET_REG(r7, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x30, r8, 0x405, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_REG_RULES={0xc, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xffffffff}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x8000891) ioprio_get$uid(0x0, r6) syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffff8001, 0x3, &(0x7f0000000240)=[{&(0x7f00000003c0)="3b5d9ac7e5edfdeb7c30204ea0cea47fd21c2ee56f924007f57c618c28aa56f9b8a6fda1f100ca355ac9f82710f689eff71f05e9b6d8d9eb5824547518974f6cdc15359cab50907e1095fa4a1b4a2f5830365b9f94e5d7ee9351adec95e38838c6894fbe042e6710683013f3d915058e453945a1dee6cb746036e1c01018198b4614ae3c754683af01625aac26bd7c2a04d9547a6561f36d113a50903f2be0e1eaf2c936123acbe88dcc033d675046f01e50196d187b0ba9b058fcd5f378c007ea2af36f6be29ff3fffcccd808ffabfff860a3fce0478758119e7422d117a862982e768697a2b234bec13238c2be04aa223db65edbc1e45c386b7d41", 0xfc, 0x6}, {&(0x7f00000000c0)="91c6c5df393961aeb939c5548e5bb116fe39aae87b3c37e54756f94fb66af617c59c1969cfa005cb36a23cc5c15dd0", 0x2f, 0xfff}, {&(0x7f0000000140)="f1baa3a79a84b296d20ab1d77a5f2da72d78fa329c487d4516673c4542d208c917843d86a881d8609c010f3c103bb2a691316e9848532a9af0252737f3433d0c3de5b5182f97d438f5950a398d927eb8e7fcb186fa25490034de", 0x5a, 0x91fa}], 0x0, &(0x7f0000000580)={[{@check_relaxed='check=relaxed'}, {@norock='norock'}, {@mode={'mode', 0x3d, 0x2}}, {@uid={'uid', 0x3d, r6}}, {@block={'block', 0x3d, 0xa00}}], [{@func={'func', 0x3d, 'CREDS_CHECK'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@measure='measure'}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@hash='hash'}, {@obj_user={'obj_user', 0x3d, '}$\xd6^'}}]}) 19:47:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd0, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x700) [ 585.976289][T24644] attempt to access beyond end of device [ 585.988734][T24644] loop3: rw=2049, want=130, limit=127 [ 585.997292][T24644] attempt to access beyond end of device [ 586.003511][T24644] loop3: rw=2049, want=131, limit=127 [ 586.009219][T24644] attempt to access beyond end of device [ 586.015282][T24644] loop3: rw=2049, want=132, limit=127 19:47:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3b00) [ 586.021316][T24644] attempt to access beyond end of device [ 586.036777][T24644] loop3: rw=2049, want=133, limit=127 [ 586.049025][T24644] attempt to access beyond end of device [ 586.056807][T24644] loop3: rw=2049, want=142, limit=127 [ 586.072186][T24644] attempt to access beyond end of device [ 586.080187][T24644] loop3: rw=2049, want=143, limit=127 [ 586.090422][T24644] attempt to access beyond end of device [ 586.097144][T24644] loop3: rw=2049, want=144, limit=127 [ 586.136636][T24644] attempt to access beyond end of device [ 586.177099][T24644] loop3: rw=2049, want=145, limit=127 [ 586.217227][T24644] attempt to access beyond end of device 19:47:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x803) [ 586.243526][T24644] loop3: rw=2049, want=147, limit=127 19:47:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4001) [ 586.313552][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 586.313620][ T26] audit: type=1800 audit(1587930473.914:506): pid=24644 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=282 res=0 19:47:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0xe8, r4, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 586.415775][ T8060] attempt to access beyond end of device [ 586.436562][ T8060] loop3: rw=1, want=150, limit=127 19:47:54 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r3 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r4 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)) r5 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r6 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r7 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r8 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) dup3(r8, 0xffffffffffffffff, 0x80000) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:47:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x830) 19:47:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4800) [ 586.658416][ T26] audit: type=1800 audit(1587930474.254:507): pid=24707 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=283 res=0 [ 586.859645][ T26] audit: type=1804 audit(1587930474.294:508): pid=24707 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/441/file0/file0" dev="loop3" ino=283 res=1 19:47:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:47:54 executing program 3: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r0) setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r4, r3, 0x0) sendfile(r2, r3, 0x0, 0x7fffffa7) 19:47:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd0, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa00) 19:47:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4900) 19:47:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:54 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x388, 0x1c8, 0x150, 0x150, 0x0, 0x0, 0x2b8, 0x238, 0x238, 0x2b8, 0x238, 0x3, 0x0, {[{{@ipv6={@dev, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'xfrm0\x00', 'wg0\x00'}, 0x0, 0x158, 0x1c8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'dummy0\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x10001, 0x7}}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "a262a468ac19ee142f2074290dc068f491e59991449d9b21985e92d178fb74a040acf116215e2f049e21704f59fc95c82eca7d40397b8be43f3067d37a412a6c"}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@local, 0x9, 0x0, 0xfd, 0x6, 0x6}, &(0x7f0000000080)=0x20) fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="0000202c2f66696c653020f0fe"], 0xd) close(r5) ioctl$PPPIOCDISCONN(r5, 0x7439) dup3(r4, r3, 0x0) sendfile(r2, r3, 0x0, 0x7fffffa7) 19:47:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6005) 19:47:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa01) 19:47:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 587.641589][ T26] audit: type=1800 audit(1587930475.244:509): pid=24778 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=284 res=0 19:47:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 587.672173][ T26] audit: type=1804 audit(1587930475.264:510): pid=24795 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/443/file0/file0" dev="loop3" ino=284 res=1 [ 587.701594][ T26] audit: type=1804 audit(1587930475.264:511): pid=24778 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/443/file0/file0" dev="loop3" ino=284 res=1 [ 587.725678][T24778] attempt to access beyond end of device 19:47:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6105) [ 587.746186][T24778] loop3: rw=2049, want=130, limit=127 [ 587.753444][T24778] buffer_io_error: 22 callbacks suppressed [ 587.753457][T24778] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 587.768563][T24778] attempt to access beyond end of device [ 587.775167][T24778] loop3: rw=2049, want=131, limit=127 [ 587.781233][T24778] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 587.790382][T24778] attempt to access beyond end of device [ 587.796453][T24778] loop3: rw=2049, want=132, limit=127 [ 587.802910][T24778] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 587.811957][T24778] attempt to access beyond end of device [ 587.818056][T24778] loop3: rw=2049, want=133, limit=127 [ 587.824114][T24778] Buffer I/O error on dev loop3, logical block 132, lost async page write [ 587.833798][T24778] attempt to access beyond end of device [ 587.839948][T24778] loop3: rw=2049, want=142, limit=127 19:47:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 587.845602][T24778] Buffer I/O error on dev loop3, logical block 141, lost async page write [ 587.878428][T24778] attempt to access beyond end of device 19:47:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xbff) [ 587.908981][T24778] loop3: rw=2049, want=143, limit=127 [ 587.914397][T24778] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 587.983642][T24778] attempt to access beyond end of device [ 588.001661][T24778] loop3: rw=2049, want=144, limit=127 19:47:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7005) [ 588.036703][T24778] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 588.084927][T24778] attempt to access beyond end of device [ 588.126363][T24778] loop3: rw=2049, want=145, limit=127 [ 588.155940][T24778] Buffer I/O error on dev loop3, logical block 144, lost async page write 19:47:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xd90) [ 588.216168][T24778] attempt to access beyond end of device [ 588.248624][T24778] loop3: rw=2049, want=147, limit=127 [ 588.296466][ T26] audit: type=1804 audit(1587930475.894:512): pid=24795 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/443/file0/file0" dev="loop3" ino=284 res=1 [ 588.457024][ T26] audit: type=1804 audit(1587930475.934:513): pid=24795 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/443/file0/file0" dev="loop3" ino=284 res=1 19:47:56 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x2c140, 0xa4) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r4 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x400, 0x0) ioctl$BLKALIGNOFF(r4, 0x127a, &(0x7f0000000140)) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x400000, 0x0) 19:47:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7105) 19:47:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:47:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xda0) 19:47:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7205) [ 588.825884][ T26] audit: type=1800 audit(1587930476.424:514): pid=24886 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=285 res=0 19:47:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:47:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1100) 19:47:56 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r4 = dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) sendmsg$OSF_MSG_REMOVE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x1, 0x5, 0x201, 0x0, 0x0, {0xc, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c055) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000700)={{{@in6, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4}, 0x0, @in6=@private0}}, &(0x7f0000000800)=0xe8) bind$can_j1939(r3, &(0x7f0000000840)={0x1d, r5, 0x3, {0x2, 0x1, 0x4}, 0xff}, 0x18) 19:47:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1200) 19:47:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7401) [ 589.294637][ T26] audit: type=1800 audit(1587930476.894:515): pid=24932 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=286 res=0 [ 589.411773][T24932] attempt to access beyond end of device [ 589.494391][T24932] loop3: rw=2049, want=130, limit=127 19:47:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1700) [ 589.568192][T24932] Buffer I/O error on dev loop3, logical block 129, lost async page write 19:47:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7501) 19:47:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xc8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 589.621326][T24932] attempt to access beyond end of device [ 589.653841][T24932] loop3: rw=2049, want=131, limit=127 [ 589.688842][T24932] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 589.752183][T24932] attempt to access beyond end of device [ 589.785084][T24932] loop3: rw=2049, want=132, limit=127 19:47:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1b00) 19:47:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 589.831744][T24932] attempt to access beyond end of device [ 589.849774][T24932] loop3: rw=2049, want=133, limit=127 [ 589.896793][T24932] attempt to access beyond end of device [ 589.927616][T24932] loop3: rw=2049, want=142, limit=127 [ 589.947873][T24932] attempt to access beyond end of device [ 589.970220][T24932] loop3: rw=2049, want=143, limit=127 19:47:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:47:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7601) [ 589.994400][T24932] attempt to access beyond end of device [ 590.026716][T24932] loop3: rw=2049, want=144, limit=127 [ 590.063482][T24932] attempt to access beyond end of device [ 590.094334][T24932] loop3: rw=2049, want=145, limit=127 [ 590.140457][T24932] attempt to access beyond end of device [ 590.177190][T24932] loop3: rw=2049, want=147, limit=127 19:47:57 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) connect$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x0, @multicast2}}, 0x1e) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:47:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1e01) 19:47:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7702) 19:47:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:47:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2000) 19:47:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xc8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7900) [ 590.680831][T25041] attempt to access beyond end of device [ 590.746158][T25041] loop3: rw=2049, want=130, limit=127 [ 590.785382][T25041] attempt to access beyond end of device [ 590.823155][T25041] loop3: rw=2049, want=131, limit=127 19:47:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2201) [ 590.880063][T25041] attempt to access beyond end of device [ 590.925567][T25041] loop3: rw=2049, want=132, limit=127 [ 590.955330][T25041] attempt to access beyond end of device 19:47:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7901) 19:47:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 590.976013][T25041] loop3: rw=2049, want=133, limit=127 [ 591.011063][T25041] attempt to access beyond end of device 19:47:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 591.065118][T25041] loop3: rw=2049, want=142, limit=127 [ 591.087206][T25041] attempt to access beyond end of device [ 591.107567][T25041] loop3: rw=2049, want=143, limit=127 19:47:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2a00) [ 591.144367][T25041] attempt to access beyond end of device [ 591.214755][T25041] loop3: rw=2049, want=144, limit=127 [ 591.237214][T25041] attempt to access beyond end of device [ 591.275112][T25041] loop3: rw=2049, want=145, limit=127 [ 591.317507][T25041] attempt to access beyond end of device [ 591.345393][T25041] loop3: rw=2049, want=147, limit=127 [ 591.378696][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 591.378713][ T26] audit: type=1800 audit(1587930478.964:521): pid=25102 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=287 res=0 19:47:59 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2c, &(0x7f00000003c0)={0x89, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e24, @remote}}}, 0x108) socket$inet_smc(0x2b, 0x1, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) ioctl$TCGETX(r2, 0x5432, &(0x7f0000000000)) r3 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r4, r3, 0x0) sendfile(r2, r3, 0x0, 0x10000007fffffa7) 19:47:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xc8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7a01) 19:47:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2c00) [ 591.425346][ T26] audit: type=1800 audit(1587930478.974:522): pid=25107 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=287 res=0 19:47:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3008) 19:47:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xcc, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:47:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7b01) [ 591.722927][ T26] audit: type=1800 audit(1587930479.324:523): pid=25140 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=288 res=0 [ 591.778763][T25140] attempt to access beyond end of device 19:47:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 591.804915][ T26] audit: type=1804 audit(1587930479.334:524): pid=25140 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/447/file0/file0" dev="loop3" ino=288 res=1 [ 591.856665][T25140] loop3: rw=2049, want=130, limit=127 [ 591.874478][T25140] attempt to access beyond end of device [ 591.891523][T25140] loop3: rw=2049, want=131, limit=127 19:47:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7f04) [ 591.908791][T25140] attempt to access beyond end of device [ 591.932113][T25140] loop3: rw=2049, want=132, limit=127 [ 591.966251][T25140] attempt to access beyond end of device 19:47:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:47:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3400) [ 592.012625][T25140] loop3: rw=2049, want=133, limit=127 [ 592.056840][T25140] attempt to access beyond end of device [ 592.098533][T25140] loop3: rw=2049, want=142, limit=127 [ 592.132599][T25140] attempt to access beyond end of device [ 592.171736][T25140] loop3: rw=2049, want=143, limit=127 19:47:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8004) [ 592.215891][T25140] attempt to access beyond end of device [ 592.262880][T25140] loop3: rw=2049, want=144, limit=127 [ 592.301470][T25140] attempt to access beyond end of device [ 592.338144][T25140] loop3: rw=2049, want=145, limit=127 [ 592.379634][T25140] attempt to access beyond end of device [ 592.436216][T25140] loop3: rw=2049, want=147, limit=127 [ 592.467083][ T26] audit: type=1804 audit(1587930480.064:525): pid=25208 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/447/file0/file0" dev="loop3" ino=288 res=1 19:48:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3a00) 19:48:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8005) 19:48:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xcc, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 592.639394][ T26] audit: type=1804 audit(1587930480.064:526): pid=25210 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/447/file0/file0" dev="loop3" ino=288 res=1 19:48:00 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') syz_mount_image$ceph(&(0x7f00000001c0)='ceph\x00', &(0x7f0000000240)='./file0\x00', 0x1, 0x1, &(0x7f0000000340)=[{&(0x7f00000003c0)="e92b5649cab2e093dc9e5fde31885b4ed350fd44ceb0278418ce0f58004f4af9d1e2c41584e1da2540f0273e03f4197e54bd42cd7ac823ca9d1e24f253864fb9aeee289abf1ff47aa21da3a1f573efcc9cd3c305a655f5555804819a6d982f5939e73ec76d02e43b7ea40717", 0x6c, 0x2}], 0x4000, &(0x7f0000000440)='/proc/timer_list\x00') sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x3c, r3, 0x536ae464467e3e0b, 0x0, 0x0, {0x5, 0x0, 0x6c}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x70, r3, 0x300, 0x70bd29, 0x25dfdbfe, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x6, 0x4, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x1}}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x40000000) r4 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r5, r4, 0x0) sendfile(r1, r4, 0x0, 0x7fffffa7) 19:48:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3b00) [ 592.800566][ T26] audit: type=1800 audit(1587930480.394:527): pid=25226 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=289 res=0 19:48:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 592.905824][T25226] attempt to access beyond end of device [ 592.939474][T25226] loop3: rw=2049, want=130, limit=127 19:48:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8501) 19:48:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xcc, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 592.971748][T25226] buffer_io_error: 22 callbacks suppressed [ 592.971762][T25226] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 592.988435][ T26] audit: type=1804 audit(1587930480.434:528): pid=25226 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/448/file0/file0" dev="loop3" ino=289 res=1 19:48:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 593.040645][T25226] attempt to access beyond end of device [ 593.082452][T25226] loop3: rw=2049, want=131, limit=127 [ 593.126378][T25226] Buffer I/O error on dev loop3, logical block 130, lost async page write 19:48:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4001) [ 593.181912][T25226] attempt to access beyond end of device [ 593.217632][T25226] loop3: rw=2049, want=132, limit=127 19:48:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8601) [ 593.249945][T25226] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 593.309815][T25226] attempt to access beyond end of device [ 593.356580][T25226] loop3: rw=2049, want=133, limit=127 [ 593.403653][T25226] Buffer I/O error on dev loop3, logical block 132, lost async page write 19:48:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4800) [ 593.451002][T25226] attempt to access beyond end of device [ 593.481488][T25226] loop3: rw=2049, want=142, limit=127 19:48:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8701) [ 593.512773][T25226] Buffer I/O error on dev loop3, logical block 141, lost async page write [ 593.558614][T25226] attempt to access beyond end of device [ 593.597842][T25226] loop3: rw=2049, want=143, limit=127 [ 593.650818][T25226] Buffer I/O error on dev loop3, logical block 142, lost async page write 19:48:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 593.722546][T25226] attempt to access beyond end of device 19:48:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4900) [ 593.782016][T25226] loop3: rw=2049, want=144, limit=127 [ 593.849102][T25226] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 593.896389][T25226] attempt to access beyond end of device [ 593.910456][T25226] loop3: rw=2049, want=145, limit=127 [ 593.923347][T25226] Buffer I/O error on dev loop3, logical block 144, lost async page write [ 593.942315][T25226] attempt to access beyond end of device [ 593.956429][T25226] loop3: rw=2049, want=147, limit=127 [ 593.971324][ T26] audit: type=1804 audit(1587930481.575:529): pid=25293 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/448/file0/file0" dev="loop3" ino=289 res=1 19:48:01 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r3) ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r4, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8705) 19:48:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 594.053677][ T26] audit: type=1804 audit(1587930481.575:530): pid=25294 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/448/file0/file0" dev="loop3" ino=289 res=1 19:48:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd0, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4c00) 19:48:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8b00) 19:48:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6000) 19:48:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x900d) 19:48:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6005) 19:48:02 executing program 3: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r0) r1 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000940)={0x7, 0x7, 0x4, 0x2000, 0x3, {}, {0x3, 0x1, 0x9d, 0x5, 0xfb, 0x1, "eff10c12"}, 0x7, 0x3, @planes=&(0x7f0000000340)={0x3, 0x6c20, @fd, 0x2}, 0x40004000, 0x0, r1}) write$apparmor_exec(r2, &(0x7f00000009c0)={'exec ', '$.6/%cpuset]\x00'}, 0x12) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r3 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) readv(r3, &(0x7f0000000880)=[{&(0x7f00000003c0)=""/208, 0xd0}, {&(0x7f0000000080)=""/79, 0x4f}, {&(0x7f0000000000)=""/17, 0x11}, {&(0x7f0000000140)=""/154, 0x9a}, {&(0x7f0000000240)=""/120, 0x78}, {&(0x7f0000000580)=""/214, 0xd6}, {&(0x7f00000004c0)=""/117, 0x75}, {&(0x7f0000000680)=""/104, 0x68}, {&(0x7f0000000700)=""/155, 0x9b}, {&(0x7f00000007c0)=""/185, 0xb9}], 0xa) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000000a00)) r5 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r6 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000a40)='-\x00', &(0x7f0000000a80)='./file0\x00', 0xffffffffffffffff) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r7, r6, 0x0) sendfile(r5, r6, 0x0, 0x7fffffa7) 19:48:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9104) 19:48:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6105) 19:48:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd0, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9801) 19:48:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6800) 19:48:02 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) r4 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) ioctl$FS_IOC_SETFSLABEL(r4, 0x41009432, &(0x7f00000003c0)="4ed9c2c5d3a4ab46866abb2ee7c06d1c79b08206bc90f82536a5a2415c0660ff7ba9c49f9864dd7060d32079f45b66a2b0e9b2925ff93124466b1f5bc230c8184634ca2ddcbb014ab28f88c04accf49e47d14dd8ceac4d5b7db64022416a4c3be7d618ff8d6d5e5b92912ef334c9d13befd5e8350ff92b21629f4ea2de399e26382fdd20445367cb3c538712ec0e635511e37ab90daa20f6eecee4b86e2d9a0a16d3708c25cbaacea5dd77de462cfc68d5bf57eb9ad9294c98d4b2238b05611289bdef0df0dc59fb79045da7b953cb9d95ec04903bca6572a94405e42106713096e9e1428230af1b9611f3f7b98b74edc431a15667f4ac2c2ce39ecb988bdffa") sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9901) 19:48:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 595.477076][T25484] attempt to access beyond end of device [ 595.518846][T25484] loop3: rw=2049, want=130, limit=127 19:48:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6c00) [ 595.590862][T25484] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 595.618565][T25484] attempt to access beyond end of device 19:48:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9e00) 19:48:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 595.646147][T25484] loop3: rw=2049, want=131, limit=127 [ 595.681679][T25484] Buffer I/O error on dev loop3, logical block 130, lost async page write 19:48:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd0, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 595.733751][T25484] attempt to access beyond end of device [ 595.757338][T25484] loop3: rw=2049, want=132, limit=127 [ 595.767425][T25484] attempt to access beyond end of device [ 595.817417][T25484] loop3: rw=2049, want=133, limit=127 [ 595.843677][T25484] attempt to access beyond end of device [ 595.896104][T25484] loop3: rw=2049, want=142, limit=127 [ 595.918892][T25484] attempt to access beyond end of device 19:48:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa001) 19:48:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7005) [ 595.949050][T25484] loop3: rw=2049, want=143, limit=127 [ 595.993092][T25484] attempt to access beyond end of device [ 596.006124][T25484] loop3: rw=2049, want=144, limit=127 [ 596.019039][T25484] attempt to access beyond end of device [ 596.027067][T25484] loop3: rw=2049, want=145, limit=127 [ 596.055642][T25484] attempt to access beyond end of device [ 596.077889][T25484] loop3: rw=2049, want=147, limit=127 19:48:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa00d) 19:48:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:03 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x80, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) r4 = socket$inet(0x2, 0x80000, 0x1) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r5, @in6={{0xa, 0x4e22, 0xb, @mcast1, 0x5}}, [0x7, 0x3, 0x0, 0x7, 0x0, 0x3, 0x8, 0x951, 0x800000000007ff, 0x0, 0x5, 0x0, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) setsockopt$inet_sctp_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000080)={r5, 0xfffc, 0x3c, "25cbde3f885f5ca4fd1e06ea2f93cbc05871c79d4ddde348581cd7e48db11c67375a6351fb543cad4b0a9b2cfcdb9c7bd5c6c20cb6dee3f0bab35f5f"}, 0x44) 19:48:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7105) [ 596.296242][T25593] FAT-fs (loop3): bogus number of reserved sectors [ 596.317150][T25593] FAT-fs (loop3): Can't find a valid FAT filesystem 19:48:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xc000) 19:48:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7205) [ 596.483252][T25593] FAT-fs (loop3): bogus number of reserved sectors [ 596.498246][T25593] FAT-fs (loop3): Can't find a valid FAT filesystem 19:48:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:04 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f00000003c0)={0x0, 0x7fff, 0x8, 0x5a9, [], [], [], 0x1, 0x7, 0x101, 0x7fffffff, "03929fa77a110206143b64cf07994635"}) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xc100) 19:48:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7400) [ 596.841428][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 596.841442][ T26] audit: type=1800 audit(1587930484.445:540): pid=25659 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=292 res=0 [ 596.874023][T25659] attempt to access beyond end of device [ 596.893481][T25659] loop3: rw=2049, want=130, limit=127 [ 596.907235][T25659] attempt to access beyond end of device [ 596.921301][T25659] loop3: rw=2049, want=131, limit=127 [ 596.934389][T25659] attempt to access beyond end of device [ 596.947037][T25659] loop3: rw=2049, want=132, limit=127 [ 596.953178][T25659] attempt to access beyond end of device [ 596.971611][T25659] loop3: rw=2049, want=133, limit=127 [ 596.984145][T25659] attempt to access beyond end of device 19:48:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xc200) [ 597.002653][T25659] loop3: rw=2049, want=142, limit=127 [ 597.013786][T25659] attempt to access beyond end of device [ 597.020459][ T26] audit: type=1804 audit(1587930484.445:541): pid=25659 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/453/file0/file0" dev="loop3" ino=292 res=1 [ 597.032174][T25659] loop3: rw=2049, want=143, limit=127 19:48:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7401) [ 597.135027][T25659] attempt to access beyond end of device [ 597.161842][T25659] loop3: rw=2049, want=144, limit=127 [ 597.195594][T25659] attempt to access beyond end of device [ 597.254899][T25659] loop3: rw=2049, want=145, limit=127 19:48:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 597.289270][T25659] attempt to access beyond end of device [ 597.314509][T25659] loop3: rw=2049, want=148, limit=127 19:48:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7501) 19:48:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xcd00) 19:48:05 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r1, &(0x7f0000000780)=ANY=[@ANYBLOB="23c6202e2f6669e60e3020f0144a44ae59e39c09b064af22fcb624dd3670f2eeeebe1dcf06d96e7015ad039a3bc6fe591f472b126b3ee2a3e18c4bdcd7839c6d77ea96ad06576fbb612a690abee2bebb255d237d8f24be4d6f252c6f3fa457cad0f5a5ae93fa5c5c017cd8b7da1e605573af269a9912303f7636a42f373ca885722b16f10fb92a4255e535edd9239613343c85994c39e2ea4f899560461d5ea91d3e2056e868f725d75fb76cff22142d4f6befe49941bd6159be33fb2ea71f2fb9a544e721667c625c0629cba5bc9c00060c25551727b85b8e600a8099278047d75184276c45afc158fa7bd9c04486c42aa1d65cc29bde49f15ab8810017159486aa1d3f2c954a36b4cbaa51e304f713f0881ebfb06eb1a6d052855dddae675d1a16be068aae6136db92b7d40a3800bd990d8093322b1804aa23535a43cd632b10282a6db7f11a2a16bae9d7f088ff6e414c6c2d58f009dcac168732c4908395a98914e33a17be76833d9c972520f12da7a963b42d047a93a1279dcdb2cbf04ca5ba7b5cf9fec2d3a2df667ad9eeb229933e7af70193a93b95b112392c67d1f667ca29d3404da19127f3728da0f6b3a300c0d337c4330dd25645f8bc7f2aae2d9471eb1ef928c71a5e0c5a97207c4ee6340ebe54f4ef9f867119a5654a5e9c27a7400ee68846b92640d99b86653a18cd3ff5b4759b"], 0xd) close(r1) openat$cgroup_ro(r1, &(0x7f0000000000)='cgroup.stat\x00', 0x0, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000080)='./file1\x00', 0x20a82, 0xcc) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) r4 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r5 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r6 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r7 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) dup3(r7, r5, 0x0) sendfile(r2, r3, 0x0, 0x7fffffa7) 19:48:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7601) 19:48:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xce00) 19:48:05 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r2, @in, [0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x8, 0x951, 0x800000000007ff, 0x0, 0x5, 0x0, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000240)={r2, 0xc2}, 0x8) r3 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bsg\x00', 0x1d1080, 0x0) execveat(r4, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x1000) syz_open_procfs(0x0, &(0x7f0000000080)='net/udp6\x00') fchdir(r3) r5 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r6 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r7, r6, 0x0) sendfile(r5, r6, 0x0, 0x7fffffa7) 19:48:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7702) 19:48:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xd004) 19:48:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7900) 19:48:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xd901) 19:48:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7901) 19:48:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xdb01) 19:48:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7a00) 19:48:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xde01) 19:48:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7a01) 19:48:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xe006) 19:48:07 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r3 = pidfd_getfd(r1, r2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) connect$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r5, 0xc01064c7, &(0x7f00000005c0)={0x7, 0x0, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r7, 0xc008551b, &(0x7f0000000180)=ANY=[@ANYBLOB="0700000024000000080000000300000005000000ffffff7f0500008a5a000000ffff0000a400000006000000"]) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(0xffffffffffffffff, 0xc00464c9, &(0x7f0000000600)={r6}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x7, 0x40, 0x1, 0x7, 0x8], 0x5, 0x80800, r6, r1}) r8 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r9, r8, 0x0) sendfile(r1, r8, 0x0, 0x7fffffa7) 19:48:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7b01) [ 599.607098][ T26] audit: type=1800 audit(1587930487.205:542): pid=25945 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=294 res=0 19:48:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xe0ff) 19:48:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 599.705353][ T26] audit: type=1804 audit(1587930487.305:543): pid=25945 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/456/file0/file0" dev="loop3" ino=294 res=1 [ 599.740614][T25945] attempt to access beyond end of device [ 599.774030][T25945] loop3: rw=2049, want=130, limit=127 [ 599.790743][T25945] buffer_io_error: 14 callbacks suppressed [ 599.790757][T25945] Buffer I/O error on dev loop3, logical block 129, lost async page write 19:48:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 599.845632][T25945] attempt to access beyond end of device [ 599.869091][T25945] loop3: rw=2049, want=131, limit=127 [ 599.922090][T25945] Buffer I/O error on dev loop3, logical block 130, lost async page write 19:48:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xe100) [ 599.963043][T25945] attempt to access beyond end of device [ 599.976606][T25945] loop3: rw=2049, want=132, limit=127 [ 599.983673][T25945] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 599.994541][T25945] attempt to access beyond end of device [ 600.001142][T25945] loop3: rw=2049, want=133, limit=127 19:48:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7f04) [ 600.006876][T25945] Buffer I/O error on dev loop3, logical block 132, lost async page write [ 600.020210][T25945] attempt to access beyond end of device [ 600.044436][T25945] loop3: rw=2049, want=142, limit=127 19:48:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 600.090470][T25945] Buffer I/O error on dev loop3, logical block 141, lost async page write 19:48:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xe803) [ 600.132995][T25945] attempt to access beyond end of device [ 600.164029][T25945] loop3: rw=2049, want=143, limit=127 19:48:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 600.198062][T25945] Buffer I/O error on dev loop3, logical block 142, lost async page write 19:48:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8004) [ 600.301361][T25945] attempt to access beyond end of device [ 600.341025][T25945] loop3: rw=2049, want=144, limit=127 [ 600.382559][T25945] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 600.438512][T25945] attempt to access beyond end of device [ 600.492292][T25945] loop3: rw=2049, want=145, limit=127 [ 600.510939][T25945] Buffer I/O error on dev loop3, logical block 144, lost async page write [ 600.550797][ T26] audit: type=1800 audit(1587930488.155:544): pid=26032 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=294 res=0 19:48:08 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x1, 0x0, &(0x7f0000000380), 0x80800, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x141040, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xfc01) 19:48:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8005) 19:48:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xfe00) 19:48:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8501) 19:48:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:08 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) r4 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) r5 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6eeeb0dbd78c661dc3e4aac66d7b3e69ae3a34000000", @ANYRES16=r5, @ANYBLOB="000125bd7000ffdbdf25040000000800030009000000050005000100000005000500020000000800030002000000"], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x4) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) sendfile(r1, r4, 0x0, 0x7fffffa7) 19:48:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xff02) [ 601.182102][ T26] audit: type=1800 audit(1587930488.785:545): pid=26124 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=295 res=0 19:48:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8601) 19:48:08 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r3 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r4 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) r5 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r6 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r7 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) dup3(r7, r1, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) [ 601.340482][ T26] audit: type=1804 audit(1587930488.785:546): pid=26124 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/458/file0/file0" dev="loop3" ino=295 res=1 19:48:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xff0b) 19:48:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8701) [ 601.565687][ T26] audit: type=1800 audit(1587930489.165:547): pid=26160 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=296 res=0 19:48:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 601.607745][ T26] audit: type=1804 audit(1587930489.205:548): pid=26160 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/459/file0/file0" dev="loop3" ino=296 res=1 19:48:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xffe0) 19:48:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8705) 19:48:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x10040) 19:48:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8b00) 19:48:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:09 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="23210400a8b6187e659f8f240855f13090413cf274b0bdf72d49bbdfe00601a3dd8ed71614f593be7e1ba753069a0b426d879260fefa9f540a4333fc4f866814ca6d920f310cb891050f3a34ce7fbfa5f5"], 0xd) close(r0) r1 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r4 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r5, r4, 0x0) sendfile(r3, r4, 0x0, 0x7fffffa7) 19:48:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x100c0) 19:48:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 602.370184][ T26] audit: type=1800 audit(1587930489.975:549): pid=26253 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=297 res=0 19:48:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x900d) [ 602.435825][T26253] attempt to access beyond end of device [ 602.491441][ T26] audit: type=1804 audit(1587930489.975:550): pid=26253 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/460/file0/file0" dev="loop3" ino=297 res=1 [ 602.499977][T26253] loop3: rw=2049, want=130, limit=127 19:48:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x20000) [ 602.591063][T26253] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 602.647825][T26253] attempt to access beyond end of device [ 602.669041][T26253] loop3: rw=2049, want=131, limit=127 19:48:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 602.695086][T26253] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 602.736756][T26253] attempt to access beyond end of device 19:48:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9104) [ 602.777290][T26253] loop3: rw=2049, want=132, limit=127 [ 602.802598][T26253] attempt to access beyond end of device 19:48:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 602.853741][T26253] loop3: rw=2049, want=133, limit=127 [ 602.888864][T26253] attempt to access beyond end of device 19:48:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x201c0) [ 602.931584][T26253] loop3: rw=2049, want=142, limit=127 [ 602.962112][T26253] attempt to access beyond end of device 19:48:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 602.991570][T26253] loop3: rw=2049, want=143, limit=127 19:48:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 603.016268][T26253] attempt to access beyond end of device [ 603.040092][T26253] loop3: rw=2049, want=144, limit=127 [ 603.065453][T26253] attempt to access beyond end of device [ 603.082956][T26253] loop3: rw=2049, want=145, limit=127 [ 603.101859][T26253] attempt to access beyond end of device [ 603.124567][T26253] loop3: rw=2049, want=147, limit=127 [ 603.156312][ T26] audit: type=1804 audit(1587930490.755:551): pid=26322 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/460/file0/file0" dev="loop3" ino=297 res=1 19:48:10 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9801) 19:48:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000) [ 603.254841][ T26] audit: type=1804 audit(1587930490.785:552): pid=26329 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/460/file0/file0" dev="loop3" ino=297 res=1 [ 603.530210][ T26] audit: type=1800 audit(1587930491.135:553): pid=26363 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=298 res=0 [ 603.556829][T26363] attempt to access beyond end of device [ 603.563357][ T26] audit: type=1804 audit(1587930491.135:554): pid=26363 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/461/file0/file0" dev="loop3" ino=298 res=1 [ 603.586723][T26363] loop3: rw=2049, want=130, limit=127 [ 603.601187][T26363] attempt to access beyond end of device [ 603.606883][T26363] loop3: rw=2049, want=131, limit=127 [ 603.613563][T26363] attempt to access beyond end of device [ 603.619846][T26363] loop3: rw=2049, want=132, limit=127 [ 603.625555][T26363] attempt to access beyond end of device [ 603.632097][T26363] loop3: rw=2049, want=133, limit=127 [ 603.637534][T26363] attempt to access beyond end of device [ 603.644184][T26363] loop3: rw=2049, want=142, limit=127 [ 603.650237][T26363] attempt to access beyond end of device [ 603.655908][T26363] loop3: rw=2049, want=143, limit=127 [ 603.662236][T26363] attempt to access beyond end of device [ 603.668706][T26363] loop3: rw=2049, want=144, limit=127 [ 603.674241][T26363] attempt to access beyond end of device [ 603.680984][T26363] loop3: rw=2049, want=145, limit=127 [ 603.686770][T26363] attempt to access beyond end of device [ 603.693273][T26363] loop3: rw=2049, want=146, limit=127 19:48:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x80000) 19:48:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:11 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x6) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9901) 19:48:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9e00) 19:48:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4d564b) [ 603.966726][ T26] audit: type=1804 audit(1587930491.565:555): pid=26406 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/462/file0/file0" dev="loop3" ino=299 res=1 19:48:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:11 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa001) 19:48:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x80ffff) [ 604.355016][ T26] audit: type=1800 audit(1587930491.955:556): pid=26444 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=300 res=0 [ 604.482021][ T26] audit: type=1804 audit(1587930491.995:557): pid=26451 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/463/file0/file0" dev="loop3" ino=300 res=1 19:48:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1000000) 19:48:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa00d) 19:48:12 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x8f8d40, 0x12a) fchdir(r0) setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@random={'osx.', '#eth0@eth0.\x00'}, &(0x7f00000000c0)='\\securityvmnet0\x00', 0x10, 0x6) stat(&(0x7f0000000240)='./file0/file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = socket(0x11, 0x800000003, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000008c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f00000070c0)=0xe8) link(&(0x7f0000007040)='./file0/file0\x00', &(0x7f0000007080)='./file0/file0\x00') shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0, r1, 0x0, r4, r2}, 0x800, 0x0, 0x0, 0x8000}) setgroups(0x1, &(0x7f0000001d80)=[r2]) r5 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x10a) r6 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r8 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r8) sendmmsg$alg(r8, &(0x7f0000006e00)=[{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)="b3efdf9674b4ef9c1b8eced97e46f99ee1b7f4563a461c926f958c001f804cf9172dc541d83cc8afcfeb8264f22de05cfe9c21fa697ad8d98d8f0998395f34be034f70622060a7aa428db5c41c65d37d0ae6d275f9db94f428d0f439a8395c7a119c0ed2ed195644493fa65cc6a95a75c5256ab0e1e0d3885f8988c2bbf98ef22cfac086e51ba69e4bbc2fbd1aef8350e5d6f1c4b79945b15ea2cf3be1282277550231931144be49b607ba2703b9efc71c330fdca835eba9837b6758e25dcdb22ccc9f7977b480ecc79cbba248f910ed9515db79a7128a76d85ca267cb420886", 0xe0}, {&(0x7f0000000140)="c4ffa7fcb310130dcbfb5408f2", 0xd}, {&(0x7f0000000180)="b9efb12645d731af08087a132e108a7972630c4890ba60034cfc950b502bc730333e70a8873eab6fa6019fa8f46d2b9c6e4f260b53052c4a166e0ef6184c6749d04b63abe70742a02c63f5e276884f28265fb139bf47c5", 0x57}, {&(0x7f0000000580)="25cf0b6d3ff9ff039343ea00474e466f1a9ee13bb95ae9cb967e38ea1da4d9622926f29f16c629b4d875a3748ef2502432c4354b7366c2b840d8d0352f677f73ea485a148f49efc4e7497e1030f343ac7a0721d5f22ba6a3d2d5e91bb7eb4acb624723706864bee63d1a2b4a3a1766e79b4d54c59c76aa210376381f142524a1c6b0455dfb375a8d4f27b6cfff57c83e5be0b297e9dd97de3a006ae1459842c429235995b1b9722849fee38c456beecf6f8bee77412e0c5a27674e8216444851f782534cc4acbc7371c071427109b6f5d20ad63ccec02293770c94001037f2dbbf86ea702dc43f59cec6d8e48e845b7d991c0cbc39fe946856e75c9db7630d1de4833eee99f074eba8f3629c51dcb138550682fa4cd66db4f32f5e78ce21cd8c68b980983010952fe829eece771dc35aae223d2065579e667c88448ef7f2e47d058ec2d16c6ed03d901a66603ec8a0dfa7a94ba984f2694f6c918c0bc6f40fa980f81207a767248238c7feb910f1938328dc59bf7f3b51d73c81636bf196de104110127a2f4c578af58cd5c1a8d6e01e2fb8dd3f1d811d7533ee7272febc71b8c2acc58888ae953023ec5e0db0817a6ae7a1795bc644cbb6e793b5ea466c6fa8be37a822861dd64245d1ebc9ea6f26a61fa9ae1feb3e2371f35e870dfd1452b005bfa0eb174767351deee4f0a2770335e44597127df1c3e65581d6ecf25980b0858cd7cb13f2ed468e9bbe8e4dc06c88311294c8670c54803338adc29f9ed94643a6314a2b7f15de5c7a6e0ae875226c355c26ac359f60bb3b3b2e1a198d8cd150c66fa56935a20211648f872f2456d9607b1612fa93cd827650612caefca1c6aeb3168ba384f6fd925691d45a0c642a486233cc629132bb0070b21b5ee953bdaa1b7c6f86a9f02a4cdff6f15d41bb10d4775b86e0f1049763c5c204292849cb668acd6c890d4604beb1fea3664269ecc0e382b7b32f5167060d0816f8fb4ddcb20b11e2bf852b08d013ddef01ad530bf613fd4498303fdab87ef1ffef0e10ec566407a95745cb7398a92e8764c653ae90b85789c9ae26a23687cf2a89e53c2c583dda48ccef1a0de5390e1b58e129ef3c740319fa204d15addd1ed5d29611630a845e5874247fc541a57a1fcc5693ac511ae2ff0a4e128deaf17a7e41db50e1f320cd547074f82f811320bc9f750b26ee5d82a8a4fe9ef9e96d0246ea3c423a5d9e6ab0036e7e7575d9ecb3096034f6cc31ad63611138e92df1cf60f52799cde3c8fa64dcf7c11be5ee3f2939224301e0e73be2c7250f6db2916eeee441bfc09e9748c8f4b12f95b1c92601cdc907f175b233515ff25cb3964bbdc59776ebe9e4d2eb2a1fd8b1892f04c718078c7e75b90bca911d115c678a347ece86dfbd951b098d2c90efbb35678d3f99d6d02c40a533a4242b74bbff610a1c2c43d67e155a5640df375edf4a8e949480ab035024cdd299a18d97a602a09a235488c78ae827e4968937d16393e798a70844f83c310db8a44a9698957324c9b278331e06996cf106fa477183307bcfe11df6441035278a324b46335a4eb058ff12161f2590b2c629969b92442d95a8fb4f0657c5734cf166d2bc57efb2ad239c8c51e2a6789dfd7cd9e276ef95649bfbb7d51894ce2a0a742f033db3fc56130958b6c5f394c84f8da517692720d141189d123a1b1f3cb5aa435bc133a5e513f5d4fd6e8fb6a48c3dd7d555f0ef0a281f17d1fca0334c189e4ebb5294b2fae12025015a492891367b503a0d3ba9478025db1041f0920c778f6e1e95871efa299269c11f9b93ca72a02d3272797ab160ad826fadc33ef9dc0df40e89c5e65796ab8d7bf9df022fdfb45926b8a077167e8a2502dcd280fc24292fba76ac1b11d898961755e493951462fb90620b2e1d5250173e86cc9751c37bcfa96e14b9b74bf96b023371697302d3ff3a60414087bf7457f4400f6105b6e024b7e9a7f10ab37dcde618bbcff8ab4adbf63c1d3157274268e3e48ef79280fd8627f504da86df193d9226f988eef75ee4a4fb6c341076d0a8cdc1ebe2f24bf731a3b663108ed38702da547478bea665aeb1da36a87fd2c6fe3531655be852ef9fe80d3f1de1d988143f6ac983fc467c7b467c6d79a0390b5947455c2910cc1842754a7aed3ab56e091dd0018e295540831f4d2a39e7202b5f32c9111146fec3ff208e250fc56e2545f95a97a810e5062dcdc013f5eb1fafb219fa6e990ef971d16a83202aac954c1005bf71ee898951b91e75ab13a951716e66449589c73a398d704b616d38397f94eebd9c27ed91a2b32d89b8a24e4ccba56e52573f3b0ca46197e163e2dbaa13fc1f7e2937469c4017f51a7c8e8ab1bcc2c62349c8889cf5e1748cb042fa0a9f7587ea7dfae9987a45f8ab257faa68fd1082a35b21122142a418ff4a1d8d1089e7c8f2529ea91be293c4e8e3f9b88a238e5aa0c8c06a25792205a18de3cc1b5f18e1dba90359642bd216d8a3a3b8dc905e2cd439f48d707680b8f979c38caa91c11f3bda24789e7130ac9c6b4b2e5253814438f03d44d4989b4553f3104cddf528cec27fb69d83d59955107e2f38e486f742998de3c0af33c27f61720dd60b44b10d6223ffcf894aabdfa62c67abd1715d51f5517d6618f86f4fa594a63d3cba338e02d85ffc68676bffe9c512cee6bcee41b1fb9604fb85b13cf36f1039fad9479e4e55861eef65ca193759796065d016d8f2ff255b6fcbfa8ea2368d672347d317abb6dfddea97864380bacd944a21defc5481cebe646724b30c64ddcba3d3ff43f40cce24e6207d055a3fd1dc01687e27d75458548940997c6bdaeead365809a61570c06bb500705f23d2e50b0e8442fc6fd33b8357eb52c81ab32983d21a2384265c27ebec551a7c252e893a5d525f830b1ecc6f70d015e60fadf91eb6552ed6b8b1aee4aa824a767bfc72e213db2a59341e67098d23bea7942e5f08c1f8c5610c1d892a3d2a7a3fecda1346e1658cf6698c34cce7cbc0f65994671d1adb8e2d53847bd2a69c18bd7adf7bc7689cedfca0131e5dc06787fa25f98b80f42cb648d85a0c7b0b2852724fe85a2fe9acf3410de763808fc1d04d3a62050fad75d5d549e088afad29ea703ab5dfdfd891ae17ad347e19177707d2a4edf30713de109b987c6f60601794ad6bafb32a974942529a3347dac847b85f683c1a7cf0fd87fc510e9bf494a136b4f8fa65a069f91e2cf0def85c619674fc0f65ccefab840c2d7a6abcd3fe9ce4fdee9a5d9180e39dc6e0476f492e906e19c642bb99c4441a52d6a9c7e8510394fdca0966834144b0ce9e791cd35dcc88eb035fc88e412bbc06033778cc345f39964a38e63c991f25999b00abfaa0bde373b8b067bdd8a384c8d18d04d23d17775d61a5c3ba719b20c71e90c84f6b41e16bb08a2b58bd916aaf7c56b1a23359bd987954326f06eb6f4fd6bb1abbafcda7b4e45dbf65739ab955640db7edca3ba0777aa10dd7800ac7ca27c746a1a71c788f04e1f31b990b20b1ef0c31e6818377f197b7bcdac40220c1972e806ae61254881d7ce9ad04dee791a8215236409261efb8e29c804c06d679fb766a0ac08f30d8ea866188e73d11c9e2d0bbe2f4e7daf5b7dcfa17118a8060af4929213b2250f062cc650164802791d3ae6c556aac95c959971fbd02426cf2a62ffe5128eb7f00d7b8b69ddc4bebc53f5ee5d1d4ce2cabbee86bd61284282cda3fbacfb78727534973bbb957bda44bf6c2ec9750bb3908a142ebc41037278fe69dfd75a353fe870b5bc47910a071d879cc7573d2b5b85d67236d3f34e8eb9fcee45f3ec5f10051c6d85df368cc4d7b6d60e558e6290c948ef8a3a0cb009123e198d99eb88b32f90be2be27b30f381a4ea39aec3ebfd9f26e80a95cb88608c0c40e6af14d087d9ceb2338b0077a4bf81ba3aa8b923984a47077abd25af720f4790ca1e2f711e09b51bef149f522dc205a84251734aa006b8dc9653a1a9654befe60ead35afcb97fe2abe30ef6212519dc1ea98a39d0d0bca016f6fc4aa7d3c1c51a89349c220bfe0574140fbb893fbe01412493f35e9f77fb3c581f97fa77dca337bb476849ca3b118bd8175b1eb1a3979712b86c9b8516eea7053b9df4848493650c1b28bed5004b5ddbaf092a89fe39ae854f783750c89071df06bec06f1052959fd3405aa1bbbd30b1ae6af0efeed646b0949dfe874b8aad14f7138d66e87c195b8615c99dc445f5b67c4450c862b1e66b17b630e8939fce9c30c3d3d656ab17f3052e202a8a7d9ad866ed2236841775b09d4a0aa0f7f11d923f9c76c922b4365f5a593aed69012fdd1f6d144d840230f96c1e98885a3c5f967254bced04e7a126cd34ac3a054c81e5ff463a4744cb2f476b56d2ee51369f86a81016e3bc485d888f9c8d58ed388ac4fbdb32387be31851cac7fe12c4e0a2f4601691033a346b4ce422243689fe5cc4405ca8c45aac5f1aaf2e423e82180ba2e9a1db7f60ecc0b94edbbc8ce8e253a869bcc486573300ba76c7be882e986a1adef1761d302d3700ad3af7382881460fbb51a985ae6e376773a16c065fa42907c433931dc92d9116671cc552d1be45666cb4b7d95cab68b0ab414fd13f0630bac6b36bdfaeffae5b0e6ab4b8f4ee6347acd035ac5023208ac5bae67e92adead90d4fd8c1046877b4758e4b5c67cf4e10fa0be9f137829a8e458465ce7b61a5d0a81ffe372f1ddbcfb2f85092933cfb8649818dd73ca8818d648c0e9fa985f5dd9d854efb0c5335209474d46fd9746f4f8d225b0fff60f3e91ac82132c965e35d1ef3fb27b18784fa49dba7996383d2ece983f3b15ebf5a83808f238fc4536497dfd7b166c2bb973275abe8c1212efc1a990bc6f55c7f954af21fac792dffd950f3108f864c72bd345798d3bc8da2ac7ad56730341e7252caf30cda6f3364da66a6b6c88529e5297ecfbc6ca717ea7c4062e3e436b461404a8202a2dc4179c3810460383c6dc1b784d96a16501d9ce2e0c4f13d6a195d85fed346bb7d4965ce6a056c3f45fee6c3f4ca1f5ba23bc25f9844fd3ec6984b190c52741696e614e445238871d26d50de20a40f212a1471172114f8e760e81589f385e2e0e33161d92c491d58e482539b87bc84b7981c445e5ccac0bcd2138203d36b9f15cb60f707aeeb03ec7dc335bf4d4254b68a33f94202ca33408029e181f118e16302d6c3194440a670f799ffe527b72dc928db453963dd191ff631f202038947993af8c0b4a42aafee833db90725e7807799b1b7c3d42c25490b6964c488fb55aa989d2f960d90676b6b698abf37ec1742646d90291bc24e7a23328900d9ad12fbefbf238d66e23e634522751a8e253f8f8abe95212d3dc8e790706d7b2d4c97f245e887b7c0d23b0e6e97505d3339cb7ee3ff8f7589bbaff2edb4354d37953726ba4665c924ccd71b08f42961802817c7e8552c7a50fadb61cd7dd6018962f3e16031452cded580d896609771975e3a9bd5d295a986fc7fc9a807a3de6141a2034a46061d6baca382c03b8a367961b6fc7c9bae0702bad5f523005dc405d1a72332ecd9c9eb21c86a6f9d04b033e96973f73fd24963c5ce7eac9f1b8d4ab4c6cc73add123d7e92b152b49671397785db773af671041c686bfede330a222ee08b241ff9414e2c7274cfa92ee5e0d63a3ee0e1b701c80908319ca2bc30d3fc610a706b7d12708f373b53ddecabc758496d31c1dbb3d2671a933bfc4b8bf0dadd2b8bc8997e5143ecd4e33022da1d3c61f5480e894018c2802702ce0ea1a51", 0x1000}], 0x4, &(0x7f0000001580)=[@assoc={0x18, 0x117, 0x4, 0x7fff}, @assoc={0x18, 0x117, 0x4, 0x7ff}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x3}, @iv={0x48, 0x117, 0x2, 0x34, "73e383caf3086118ae7eb13217ce8f355bdaf47944fefd1425f1cf13eaf1f4e69545dd19b8e43aa0ffaff23cc4c78fca98a9819c"}], 0xa8, 0x24000000}, {0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000004c0)="f42b8a2ba76373de7e6814f2d237a404fadee40929538527f83616ca4ca55918fe93801eb201ff3ba249cf6c5ee8b70b2eee97a5fe28ae4c3a7e368e28176ab615fc45b3048223a37ee477a493e63a4197df1507a875db14df77efc7a5c5d135b45d27007bb2c911ebc56d9038824cf1350422126ae72fe0cd45bd1ed0cbdc", 0x7f}], 0x1}, {0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001640)="8d256c6a744d6c123a87d8b898c6b69d2871b8f2b07ea292f4946edab79f2107698177a94271f5b869baa767a5d3b76130eff19e61322a88696bf6304484c399231355b29d8246ec4798c2883b0a63a772e7be2c85b4d5f72ddd8182415219ce105cfcb773af2abb5ee52978fcdd012de0a7578ba3d6cb6b3a84f35e446dd6bfa0b55fa10f0bd0ee07ebf9253a7568e05cf553037cd0e3d05fbc9f8aebf6be5671b19f1f3a02", 0xa6}, {&(0x7f0000000340)="49c7b9a5de9ce4ecd2b6a5efd576da911a66", 0x12}, {&(0x7f0000001700)="c59c34330bc4c672b8cfd13bd605e0e7a84f8c9bd680bf042cb9a88077467a8c47c9e063bfe4971b987a2ba5ad1bce575b9f8b3903e5546fc81e30383db34e427746a274918033ec1326ef954d10a11befcbaf3f666bfe8830333986816ba6f7d41a411780d362ccff32160d5f999dc4dfe71711882f7b697ae82c1ff7853261483cf7030b0e5a9f589b319d2abbe90492716bdccfdf4a839785b995ccc5b5ddde29c7c667a6c18741fefa9d0a616c5ca358e24b0e449169cb69409302fc56b0faf52fbee5fd4e4902d31c48535d92b751598a94bdc0babd8a82211fba885a954f5d59a0", 0xe4}, {&(0x7f0000001800)="a2c2b2e349ae9470803b9c6f2995dac03ab29136d7105684", 0x18}, {&(0x7f0000001840)="813011c44b8e37e0c5fb35728f4a6db31381169c43bb9d43fb799e4ae3", 0x1d}, {&(0x7f0000001880)="425fd27a85bae210c2d2d4fc6d72c35d932d0818fd95af1899dda7ad5671a02b0cea22baf1835e60c32f61eb0089c1aed4cb8bfc3648e859d9f31871b31f0066704225a1ac9668463be2fb5d7f866ec3e1e6dc52091729273391c028aa898a4c774f94d520b06e9cfa96062766ffa6065ac7cfe7e0ba082efc5d0ea388c6ab1f96d746432cb695d20c914d658b6c7b079b7fb91725631935936877c1018e630dda5af450b686223523e7fba7d00d112ae4215d462f78d16c3e137998e2", 0xbd}, {&(0x7f0000001940)="6ddf465b4301a9d21ae4a7f693bd3dc24418cd7905ed9aef9065ccf0e68a4f4cf96ce1098aeaf51077604f0d33866b68c4d8bcb59a16fa7264b9597adf65090d68732325a814aaa52ff59ed9bf4c3facb395634f4b688a41cd625cbff32bc9340e334d431b9c90c16260974c8bf3558cfec39011", 0x74}, {&(0x7f00000019c0)="ef7b2a6914d0c625f5e1df8f526eef18ba95b0f9f8595c6f8c0146c2e4a5d94f10c6b32876eac7504f27a1cb736da19254cde1ad8f7f062916867b35e845e9ce9fd5384a556add45497aec4802d3f4e1f7c4496dafbe77925a5efd4244cc", 0x5e}, {&(0x7f0000001a40)="588efcf45c5f86bc1e1b521be425962f43f2021586e0757a1e63896fba306f4e541b6d2d091849082eef2fb8e68814030969cf629d75c7bc503cbe90dfdb866268e7a95dd472e70489abbf8e0047ec948c9bc7394c8ae3329707b17272555436a4795da5bd2e7c9b27a9d50aff9dea16bab717ec3230bf93a22634dde33396cbc4e97ef96f0fa9994da7e67bf20d1a6e8b7cf6cd402ec8395ea30d0d7ecd2dc79972b61c8a1311d6bd0f87dba0c74823ebb09cf95e3d793977f77bd30d0c32133334fbdc57a91ab1ebd4c1479e88ea", 0xcf}, {&(0x7f0000001b40)="af95e9ad24e37d30bac9091cba2b32748e030020323500a835276ca34992ce36244adf2b8b1a1406e87f4bbc4dbbebdcbb21cfbedd029c849fefdb34a225b154ec7c7bcb2368a3fb6d5c320d4ccac1031bad9e102dedcab238aa2029cd6ae55b42d32db01fa4d0fed70f72eeb61160180c572948945e939680eb4775ad92f4b64c35c94f79828342c3e4f11a7d7ffd045dc8c7b098bd8c8c5868f9", 0x9b}], 0xa, &(0x7f0000001cc0)=[@op={0x18, 0x117, 0x3, 0x1}, @iv={0x78, 0x117, 0x2, 0x60, "bc84f00583d10a282a3450fa4283a52c73e88178df8d05b1b06ce011b7acd2edb11a20ec698cfcabd3576cdc58907ac1a540ad98f774dea527e87fe9a2f57bd5af79c422f29a39acdd452b7b5e684be1ad9a1d23e7b7b16209d20dbb299756cd"}, @op={0x18}], 0xa8, 0x804}, {0x0, 0x0, &(0x7f0000001d80), 0x0, &(0x7f0000001dc0)=[@assoc={0x18}, @iv={0x50, 0x117, 0x2, 0x37, "4af51004216df9a458566e6376e26ce4d5147d3e4bdf495f6944c82a4569d9d9cad643cb1a4b096f6edbfdc46219ab6e939ab4c827b368"}], 0x68, 0x10}, {0x0, 0x0, &(0x7f00000023c0)=[{&(0x7f0000001e40)="b173fa99911900ab0354e67b5bcec8cbcfbca2f35bd6db4d4731440621f1aaa8954f0c979ed65ea70a8849c0710019e3a93d2bb72116fc139868e3df938bce2a46fdd88750eb3cd68d98d41491f997ed6f093ff5693179605465f06d9959c9b4849eb05b9970a82133552189469b91b9663bc212c957b21fed4baa821e858e3d181f91a27f8584c3bfdcb1f364f4325dac1efbed08e27800567e82764b87cc7ccbd230a4752dca1619ca9855", 0xac}, {&(0x7f0000001f00)="9bd189eb40d724d7f2a2936077", 0xd}, {&(0x7f0000001f40)="4a2d082c6a3f806c5b8cd8ed7e755930a932893e986474776563a177aa1667c12cbd98ef37b30aa608ccb33c2805896fb38368af977bc33878f8b8f0958d397293bbe6fe275c9e280721dd8197d8c7798fd73d8d0f9f79984c675110d25716ef9789acbf3e77fbc5b782ea57f65a0d6d2574b9b7af920c3290b556520bc48caeb8f4d62af66a5ac01c3c66d2c93ad55ffbdb65a1a98628fbafc544a9342c9e51c0350367d38cea1cc1d502f8e423e58f9304fd21349e5d559a3bb0d51f8da3635869fef94f9f22bfacb578c3c8233fb2410c71804d27708a0894ca05db28b5ee74e0514a6ed68a", 0xe7}, {&(0x7f0000002040)="5b2f33e22c9983299dc0e1be961933a316756cada147652b4c4b918084bcce66813888600f2b8a40a8dedbe404a25ff5c585cbc4a0d58f117e6beb3282985f1d1403807c2422eac314653685d7165631966bb0685f2c3066659bc661ef989d11d6d57b604e5369e96816f7b81763b8d1b4a23ece23bc8a94f8aa86b3f8d006b0de337cb72c2a6dd6d58c099ee13f", 0x8e}, {&(0x7f0000002100)="5430d025e3b1f18e04c01f01e730551870fe79572762811b8a93f605d7540b050875f8eb82116fd5ff32c287d3ff04acbf0403f469207dd8f6c3aa683764f21a0819d6ce8e24e21094c00afc055f238571471fa7870c9695b51a659c35581599585753f16af93fe4f9d139634718a068de97d4bfa35d7e2047b4a050eaafbc7ec9c88dace01d22d9f9595267b74c89c49fbc073e5bada1ee5f15e833a4aa1a1003570dee4d43a9d14b5e6068c8613ba6b9eabff6fd81ad0c6b74cdab83eedda08a4f0848a0edbd", 0xc7}, {&(0x7f0000002200)="634fee3021caeb9f1a76fafdba51a673eb38e13b30724e65bd4799817215d356772572ef91bf331797ffccef14d3910efb2b5e33a827884ae47959e805c60c401345e90c411df059b93fd96619a0267f84577adfe845aefe38ecebe3487f43e7311f0df9318d9ce13c727b5a4efce49fac5ad33b50147e161bf38cf3cd3c166ebe6f1fb94f4911632644f402dd9ac027cd3c8dbab6769036d4cd607ce3c08b1f7425b972bee762932cb3ed465fe08d7ff935130c5c4a9d0a352680d861e6f4d49ebd11c0b1b562ecae1c3fe51a440d97b7a702f3fd5ee32d5f6a97", 0xdb}, {&(0x7f0000002300)="3dff37a8df5923ded82797c03059b5291f72ceeb705d2c4181e19fae6bded3f87b41fe2803114a0dd36d7ba1ccc98b7dd577717d8391469636984161dc264a05e226f8a80747bd69faae75e9d1da2a50f0b75a198468b4178af8b86c8edd6d80bfc491948b7b48aca8056e07641dfc6bfc91172a9b1ba3accd59b9e5703fccb566876f1df48bb6bec10e4d8c55d44b5f76fcfe94d8dfadd4cb6b", 0x9a}], 0x7}, {0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000002440)="977d61831984913643456062c85945b54ffefd0181a47ae1880af5e591e25bdf29b46de2d326740a8dfb30e1976d5382254c7ac577c75d5a7eafc45c1b5e134f06cd3417b81b4fa0ff9e46fdb058aa9e3dd62203dbb9ce39ba3d4122f6af041893bc0725786fa503d4e7772d5a62b5a29b6d00f4f27b352c1901ba703eaefa59d6150311c60ad856a0420be9ff1aad1b91e9d7bf8f14d560", 0x98}, {&(0x7f0000002500)="eea384d728de28ca0c56e5523ed79c0f7d14a91bcb5a9c522257c1c0089dc32d7aac75ae511f227bc00e6d014aeeb6ee3cead8f48d6f1483681bd3fcb14e0ff52111b54760e1065abce58f4ce8cfb4e32a90722851c0505925fe04247e56e60dc8e91eb5ee217183699fe1ec626ad1e810e3e4077fc3f5b10aaba1ce75af9c2e6628d49959fa390b3f1e71fd342161710f85b762df37a39456288125acf678de7861db5484a13245ab5214a89accfa09125900fdc0aada08842b37326a948b", 0xbf}, {&(0x7f00000025c0)="c7c6680d5d8f714dec1cf57dae401fbcb6d7d1542077bd9b09a579d134635beee58129c854dfbfdc540e62df06481950cc2ef38ee9225f5b63", 0x39}, {&(0x7f0000002600)="211b6dcff3ef4cd9a2aa8874f200847c5941d932b11b8ecfe11bc86b3a12b2a96e61bb1852a9527439f6760030e857c8ce1de2a3cce87d3d907fa701904fa1f85995c135651af2b57225cd76ee4078521ad9809fe72cb8de6498a1531c278d49abda2e30739821f9c898168ff8b39a6727c13719dad50f07a6d93880", 0x7c}, {&(0x7f0000002680)="cff9af5590a2a898134e70f9b653a73d7c14b92ad22565b1839554aeebeccab61a91a03dc4eb3fd1fd2c2f4b14e99072384c4d2ad7d7d753197912f37f1d7fad93c90a5c0bdd98953e0b5d2208bc6e75aff4ee596d7f7c16670b5e1115c8cea4ff7294d20117960086c2034ae4101333750116fbc84167a776421a57863aaf8d11a4636377641c35c0c301db7baa0414acc31eccc57a912c22fba68542432bbbc2bd7b37", 0xa4}], 0x5, &(0x7f0000007100)=ANY=[@ANYBLOB="f0000000000000001701000002000000d7000000079437113ee799209cbc1dcdf544c0742ee9f2365c0159833e5c919d25be9240a145b2dae7f0e4044394dce281acdb8d32b5e24c4e5ad412097c04760f0be0a871ee87a65aff2a5929efd84b3ff3bd4ceaefd75001515e94a26dacc72cf5328366e8a68274c85bbd36992d842f18ad96b78ccdb304f54c7136cae0198647b8de523a3d38d59a6bfdbb31afed3dff2156522d503968e659451436498dc6f9c59ce3b1d56c7fea7f7bdaed41125c5c8aef1508c3d7321e11dd5b172e07d8774f724a7d8213fcef067082198963f7cda41b182ccc09bd09ac00000000009000000000000000170100000200000077000000d61dc608dabcee6c6b2fd47c871bb7bd637525c60fc9472d12ae1498a03ed758948ce39f89b26cf4725e38a86a02dd38ee60091ed0c194a39ddc8a0f1bfc7b8aa19ff6bd999f330b3d01983c08a19c8f28bf91b4a8b4a0fca9c7e86411ff711387cb2e5a4e8516a7a7e2d0cbb316ec3c2d2005dfecfc700000000000b00000000000000017010000020000009900000058036e8c144141819eb32db4c2eb20bfa8ca1f7b77463995456985b22b6878f5236c21f07e6bff4877e58ad3642d7a0d2b570f26f2d5b10cd264ac507fa65665c61f46452ceba4480e37c8ba6ce12603d4cf0e1a7d2d111e9dcd9f9ed564dbaf104ee42ed16a90e9ab70aafbe9cc5c6b14ae32cb082e3d93b85c0ca421366a4dca1681a7ae4605c935f4fad4662d155d7bf555f97f524fae7100000000010000000000001701000002000000ec000000b06e89ebdc68469277c29afc0a63d16ceb50e98123c48d8e9845d711a34aabe8c382bc4103381bfed5de5085618fe0d40c78b3b110001132f744cb08476d00b3f6ba45ed8eaae06b0514f344f55277a98f1ca7aedc952730cc378d19f85055f50b58ead39e92892f4e7573f7d04fb6f491a7ed6781f2240a48320e37c55e275b9db5217cc1014d5ed708e45f54d7aa27f8dd425fe5087065845a4d80f4428201243889b079c321eac8635372bd884679c967006a19a3f74cc117b20d1e3f064cb165f0786f350437e43bcc83b2a9443127553264b1882af53d14cf5105877be64f776c0b1ac7ffefbf0258076287b67f616061206895e848c4500000000000000017010000020000003a0000005fde5f6e3fe735143cd85d3442c8574a4c01b7667d43d43b6a30c8df15e7367c659d85da09d55be42080b8d5f7589553e675af281c9f35a2e9a6000018000000000000001701000004000000060000000000000080000000000000001701000002000000650000004596b83109a99d175e42475305abf800d88271babc558ba9ce6292112129ef1f62e91a6a16c597296989180a041bbfd7a2cabc477cd3ff8860c470b88102c2e97eb7237b089566673cd57c15a0114b972f8478779deea094ead205f55ffe5b67dbb6bab8c90000000000000008010000000000001701000002000000ed000000ffc87514fc8c4a24a1a42bc3f707e2780c257bdb43d888652f3f4a941b165655d11751a004af7dfa68a0a5b4d37d8db17785d5976880469eca03d9f174aedcf7c2bf3aa79a817d6d00700abb995c8a86c64767a48d2b6b9002c4aab96f88133d47f51a2887c1ba0534c5345e2d7b40287da643799111b72d28ba3b4d52efb99741e77ce346d551c97934eb58ba8ab58a10a2816803913cb2d11a3dcbd100ab17e35a050d9597de2ccf9360ceb2b158e41d27773b4dd911251636fd6710b6d4ddf87cd472940dd95ea94dc583b0a93c5ac465947cdc710610c023ee80d40b6c44607167ba636ac645a6bfba5c9700000000000000180000000000000017010000040000000180000000000000180000000000000017010000030000000100000000000000"], 0x550, 0x3bf22795153deb5a}, {0x0, 0x0, &(0x7f0000004100)=[{&(0x7f0000002d40)="f31972f513f416adc845649934a9fde144bdc88ca61c67cb5081c0eb27d31a05251ecc3138e4e15003c7dd1e4a64cbc8c8e8a157f94125e8d02297d9ddc6c0c0ae4b34bfc41dfbc046c4db3fd385e5db21131251c2795ab05f56122cfee1e4d3", 0x60}, {&(0x7f0000002dc0)="174ab4b20acb2baa23892b0a8a090dcd35a500c152e62a25d69db0446061e10ffd43bbfb5e500f6eb20378e38c7ffb4b344c5cccb0c8ab5763d551b57ad0a4da6f6519f332337a9feb3a96935fa7357647f4753e9b0f7a95e3ef89b5185ff0cf8699dbc88c9379d2a27ae69cbc0d230beef9ab5f38b2232167d029f530bbbd2acfc3e6b539ddc32322bdb2339110fa5a785acf0bdb5ef0c406351fc987fe153cb7ed75f646bc9b51cf1378b447f2053a9ce53357ffc8325c2931", 0xba}, {&(0x7f0000002e80)="fa4fc2e34c7dbf318797fd94ebaf34de76dda0cff4226298737fd07285b1a1a145dd89b3a29070a96147bf857971b092c5a3ab321b2bf8b17aff8e7f28c085ae5136109f9ce61bffdb234d1a0f76ed0a4f237f92a0afe4db546047c079defc22dca9127cb3a06961f79afda2634e27c935f84a9043e285ff3842841c8efa3aa3c72696cdb1ba5c", 0x87}, {&(0x7f0000002f40)="44b4ee5b18fce1753106daf61bb7dcecea27fe78de8979d0bd3702faaa03d06da8112318075c5bd982e03ec60483c7e1ccc25c12288338f06ae040c32494240adeab1d5b3998b124c1bb0c75b8d076a89524cdd5958d961d8ff157869f9f3b2da3755e193cf1ff3a6216c9138b2c4423ac08a3f071301c6499487643dca5c54be305668c", 0x84}, {&(0x7f0000003000)="762b33ea5c3ee21f086b09003010a64531410a9539c82152d016d7dd", 0x1c}, {&(0x7f0000003040)="d852d3fed166dc513edbcf8e6b5ed2a3ac3899be2731d9c1f7df98c32826a2ca6c19c2b7bb03b16b809b0f75ee297c12281c55b77781ffe7a3317f912544a6c40a7d010bbed88939838e74da68240ed6156ab80ead3fa2ccc4138157a273d65cb6da78", 0x63}, {&(0x7f00000030c0)="6abc93cdb14395d22f60389b", 0xc}, {&(0x7f0000003100)="8d00e7e3871073520902e79646066338c34c902df64446c16878693d6bd6c59b392554933693cf3a3f9ea77f8425b63d0c74ed407b6eb3fdd2d5093c8c9327d4ffa7eb4a1594cfbb61353dc30d6583679522ae1ad11092ff14329be2cfc1fbf2929f1fa616c627ef40ad7e54275393f4d57c8fc8e6b3b32e5cbcde364646ee1aa0951ba6432a29bb33c121a09fa99bdaa115271217d64bf7a75268781509c174c8ac98ed90aae30720a6c4a9e6d57ef17e30a1f45308ca213bad9c192efd0e357a3539027e30fb252208f3f0c8eb49dad91a736673a40443c6e6eca29331a39c2f82eb804314ed4c19b6d479c09cd33aa6f11ccb5292a91827212792c779143e630b46e0e1e8c1ba82dd7f83b72e2d2c9e6854482a4889514e2bdf91a8c3ba04a125432b2a98a795e932ae6188fb1aa821385e96185222ca74e266ce1652d6709a492f71852f5c0e16cfb77e6e926e1df0b684d8343c93489aebae0e8144677e1198f31cc3e234aa06708d7564afffc2f616670173d9223917c4e66fbe089357196aa099a692d00e67f46e02f7015264d2700cc43b68f8ff51c1583f2f91002279405154b58c3565339852a2da2bd3d400f5f1bc9a994dd37850c229422f4bc2ce23f5ecd7586f5643b3c9134561e76b745d54416e88302b35c84d2432d28183a2fa6c447c4b81cead29be3e7592020a7881c1c64fd2804c1ebd620d137fc3041368e8fb6415bbcfbaf28d41547f3518f0ce8ce2f056d6eb3695069bd86fa5ae2b850b86c7bc6dcef813365c92b382928ddaa8d29f0401cca4c047181a96a9594aedfd721770f595a1d09940466e99e3db57ddfd23c8c52f3e7608530beb4cfb1dd79a0be9a88f9c4a8181f514e47d2bcba2c5e96009a49c226fadf94b2a4b38e84baa9e95431362d8bf436a947545a0cb06aa1c085990a3e47131fa961ed5510cbeba21580b235a348e8566a4b3f89645285a2365478b4997cf7b2164d61e65741f9c0883c1888e81f7a5e97dd524213e5decdc9f8b87cc1321e91059347b87009004986c984364ec5668edcecead2298ca0c841ac842282115a2d3483606cbb6116e527033d9a0f2e36649e291714234b55c3b042e36f67d570bbc3e62b4b04d2ad10b12eb7bf8f32a86ce87224a7fc89fec7f2acc0034b5e5b5c98e364fb115795bebe68d501b82793908b5edd1504a66b84f05c0891cb7c96261ba5badfcef2138bee5e482470dbdfac0823817eb647220c55473f9ddc729132ab9cee91e500ecef082089f8eced0d136f565d26c7147e1c2f0b70e88453e8d5abc6be5e0eafb782f4c6468a6739cf0a08d043cc5089197ef5eeb53bd45e39c06aa0c310a2f38451d059af292b92544dfd16399157cdc210fe1a5faa052676763f1102d3d8bdff7926f7099eec08123e011ab984ef70d543f00659895264595987fcff02663e91ec1104f2d76c173b87cff1b0b06c0a7ce08ebbe0652f1b50ca8792e533f652aa13494748579a9476a501e25cd290ea26c3f934316b1c1414eb9a108a5ed7935e369cbac9bad5e73232b5c9140c832d63fabbd66d96fd8e5864d8778f1e5b832621d65c090430f450ab7e0ef739ecb7b042915bbcfb9dd1359d33028e742716ff8e881c141f2f1fd86a6dd3b6176f9f8e16df483d4434e16e9ebcd9ebf1c5a6fb9f833e54daf59df7fd4c8564ec138c7f89bf71194a71c7beffb8bd9005a9da39c8097ed879e3fc7d8b1ea2837fcadf421a527aa361502671e900a1c9c8160267ab653f508d26096d1fbd837b1f84435fbffecff137e60f27cbaffe7fda50db22ead4b24c0cc24abab3a4b7765364fbe0d84099c99c5453c941c531d8180265db051c9744c884a969e8a7e9d50929d520741bf1b40989b9357c38499adceb9123ad8d8d7a703072a2f1c874e2b3db786b9fe310ed5bcc300466c62635cf7d9a129b0de9707cb523e2f69def8bb269a156e674c9cb70e9b1a014919959fc0c99c86161491b4c2e364e2e0f57aa7b0e25def23b482f6f6d7a6c715dd2dec76ef54e4c7fb459f57bd881e9ed89eee098313bfbeb9bc020478bc40392f76523de37086dd7f7959a164163c7233a2c564ccbd68f0f391cb4fc853f19280d346880b7be5a3adc63805e5d39d13f6dc890ec841e96b6d617d4d11edf08e67be179bf3bc65476455a5871a509209be3bad0536a4a18d989ee206afc1b156477d82946e94dc131efb2e52ea8a1c667fec33fe5c476c91f7c4159fefb1fa909babdadb7194e576b1590a001abf73696f1de8a4db0e523b3e706cce499dc2aeec78758e27d648ca4e5f8596307b7d45886d691d9fa8a9156ee5eaf8815ee7a897323721503b4902dbd1166056056b1f6fe7bead6335dc1a5a2b427504311d84e89a6721e6c5c6bbcf4f2f546afbd224a61df61f4d2fffa22ed4b5773c43d5a517ca83a73ce630247e4aff114983732128a2151db9e7999c984f3336b4bdea6c9a1ae536d4c5a5eab23584bc4d4ff9cfcde14a3f81ede9da27820a871bcfbf6ab2b5f9e37d823a1c50ba10d62d90c2b9e4b57f4f63ec585c58f8fcc2030a4b1de3be954aa9d325397a203c22ce88729c7e7f7a30898f3a03bd551030b9091a26821c6e9324d6febf86ff967535c1add3c84ca41f116d93d176c5d86af3977973506cc2f5560abb9d60fe3d9079f4d70d2651aec54c345a5166e724cad3c597d06309ed907a4ff97389bb6d348f1fe86646e7c5d473577d091e1c6ab1f4adc9f0b91cb678c09e0eb4f1022f4a9f334ea4d213d81ea89fc4f8caa50cf354b06734870315cfc077dfdd3a35a007b66bacb49dd2f11ebdaa4d7cc035589a2c4bcd8db7c863deba40feae2d4c12169b979ddfe741cbc793c4e95a6ca82c5c631564d6fdba583a9366b4e41fc6d9c70f3a6d9809a1bf7cf73c40f3d853bf89926ec9f12f37f363c0eac9d7d6b19a61d93f7c7fbfa822620811c318cb45700575bf1bf370c50785ab6e33e7caf65af604571d11030c2a37d50e416b21044da862264f1491e0e898db76b5f8271c4cf2bb85a138affd72f89af897533b4305ed522a4b1e8ba8e61d5a2848794d95390e54f02b17bd96084ad8e7e1f0389e5b5ce689b0831221c3376958ce2e63281c84706717390ea2c1918612d94c255ed078e761e13a1d48a100f5f06a12574f3b3c6ed1f6efa2f020b4786a8c4ec2252e21669e1444e6d5f3415a07ad294ed696aea0986b3c747576c613965a58d970c21648b81b867a4e63b18d597fb9aa9cfc965736390bf4f3daa6699309e3b8d53e150be4df84638d49fb622760be3dd865090d068ff2934555ad4a5986622709e84f1fc3ac169aa4dff628aefb764e4f02bd546f8fe9d5bb04887395485a69d57d76c5c3c1cfc6fcf0a7b90f2a922631da7a3824df34ca112f4b8433d30ef124de4ffd06a284f644481bcbbf3212747865d376c4c7ca9d05d870ac942c05ce5ec6f3186f16ae332b2a2c20d6a767f0cf13911e935c78d0b740d5a4fd2a44f33b930f1beadb67a6d197189c41af3a4b63ef496dbf6f078ccb0eee354f42d1f97b1a0f0106a25af990819a0471de160a3059bd414f045a2cacaa6799d710cc45b8888a5c6a8824592aee3664224b4c5a08ba6149975ded9a526d0b5151524a5eb68f5147bf6ac00e09c39a1e4970431859dcf581b8987c5754ab06a6b0a421f495739254db9346bbf7230fed4908b4ae392083e6bca39358656c72bb1108671f7aac66d3b9468ca32ef598ee28796821429c8cb0335ccb708578e7e3f90203e6e5bb6de802160f6cbd75f0364e0baac08b85b88e7986612d19a7512d8fd7fd57e47ddb9291b7378fa58b84dee07cf6fc2854ca4a358019ba5d63ff3a6242c86b3d7776b76ea7ee58b84f1b4c5af551603f2e4e95bc228a6519c932103395eb7d50504174b9defab072e868177dc88f66328a6eff2d1e5ff001da5981e56116b5658c4046f1d3167bf0e313bf680573f4623cf8f273a397c61abc75493e6f71ab2b81a2c32bd17a363c5362fbbb63a99999f3fe233eaf0db12ebe3b04aa973368467a429395fd7f524b95050d54d9f2f78b44142abf1808bc31bd37a648a2e1257050683c01431de2bc16f9cc3acab2041c11039c0cc43a807dd45f2cf70b323d6058a8718fb8bf58b981db0f44b840db4beec97378f4aa54c16bc04abdb032b3a8daa47c3b9020060d10d0ff2806254d5aa2d24a227a8df2942dfe1a273ae5cc799f1a8e0c044715ab051c0e65f468fa46b8af9b96a272008804d44e1f68e6763f8f2b55374119cfae3595f143450a63e223c6063b837b0089e295fc438396ed2c26a2de16db518a1a2efa30284d51e5c9f6abd3a36aa3cdbbc58810e9acf9af877158e3cddb49685e3358b6f878bad49a74ef6133325e46442a88b23e8c5c25b4a9f504c598a99d32c9c3ace3c1a163c204bb9198ef292bfcb22fdc1d201eab7f16a07eb3e47133ab682259f294fceadfd29a0099efdd7050c7674b1e852869936d58c306cdd2444318f3a89c3a248b1955d960090c0f1303c0278bb365add54fdd43a407bfb0a177d1580952715e6cd42cc0611fcfe885727fcbe1079025a0f9c0758b91af1ebbe82d1b2693905c2869064f4dead775cd8e92e9161068da4eb5b4a1b2b1a50f2f75783b225ac92871fbf71da4db996f3276ff6225c9409deee1beb658be7312218b0dc175783a7fbf42f770d75e2f95afed1a695d72f0b98f5d3fad197b91c25c1dd611e2053b0d39ddd60715055841623290438c4ce3f60b24dce9a83f2ee3d12fac41067acef38faf23a922222489ab778c4aa80ef97606f0034aac64af6a190e0f7298e2911480e8780814214aaa8cf020b160c86340276c8296c5d1142519c3b3c323aec81ec25c91909673137e00037e1d9e40cfa36b065ce86e5d885e5aa908cd7b65a65d391a630803bc107ce15faf78a1ab3496cfbd3d68c1a53cb1a59c6c4c06acba9442b1fd5c824fcc2f9c9047591231c6cebc811177df05a92f2f4e6aa22dcf5044253d7f281aa75bf9d09b35c3f8d28d7dd14ca0735935fca07c4346fe8b2cef8ef891b308d9d34b65a74e8927e9b05e06f85e5c857ddca64541b50a28ce51dbebff470ddb43bced924b61f225314aecb14cc8082b3e561e27ef97c88287d25647d92febe2252bbb2e6cb3c5a9848911bb20b55201bffd74afa4d972bc73f660df3ffd9bd7ed17087d25df971f5c44db409cf2405cd6ef6bb309bf48d7aad98338da9c5be3c9f8305a6a434c6501af0bedd36c5296562f1cb1b1c9c62b005fe133666fc1ed815d87b45b0dd8e5eb9b8351dd4fbbe2bbe72e43274981096a36a81f76a2573d02b182ad026c03b76b8bd52328b00ac1634f221073b483f0f54d5652e8115a7280eb15bc33ef76f655937d26940381242fd957fd71a2f33f156931fa52fe0d0293281d8113fc0e28061b528f88b8063f9a88f1064dd46ab0bb790d876ffeaeaa70545173d4d49e2139372b29a0b3e9bf8de9cb1d08c49c147ffb735dad44e6ad07d8c6519eeefaed4bc770452897e644a0983edcb97a753b21bf08d1fe17262a60ef93249dbe43cf2f64afef3c7faab5527fd9649afcf179259752141e73f955612f30cee59a03d5238dd08e5db6860323f7db0189178552e0d0a29a9df61574b97ab8c7293d146f3afad5e82369ba6e5230c8a1c36a7f71c77cb003395658cf040692bb3347fbe2d1ce76d08cf8381d0f16d79b70b530266633aa987fb941a03477cd2214f2d22130c5f1c15844fac9d0094a70653bbcf2", 0x1000}], 0x8}, {0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000004180)="4055385c201a95ea4a0001b78f67cea7d0dac21e7f4915d5c0b094418615888e66b88e96952d7de18247c90880768db0198480c13f76cbf18a7c516720db0366e9e29cb83d8794e70d7945aa4eb83fe203784294e4ed851a3a5668d6dca0bf17ebfee52b43a25fec80c5012f5a9da3060634d5d9a7e612210a4fae374a5aee71401124c58d2122c311499fdc279e38ac80562065ad1c8aa77ad5a9be4899ab2fdf2547b54fc00adbf28bc350eff7d4722e295da19bfa88659ad915e5bf40a7855aaded805a8adbb6a3bd4df67ab22fbf6fb99b7a7c1ea5bc5506506de7dc01153f", 0xe1}, {&(0x7f0000004280)="bd1a32d671217d04d14f97d051287eecda1dd28012f958311a327b2757bea57d3e21a78ede4dcf05fcdac76b0f837c82dd2985cb936a77a30fcd6980297ddc2f2137b4a0aae3d8444b4779d8b0762b431a8523ca38d530db63f2f779c5d6b7703835cb5f6eb01055e8440bdcbee6543eac7d9dfe1807cb43b7514b6700858b3fa30df3a06ccade21dd1b3a4808f24bb995f35ed8f9073400dd050df8587909a977c920494c34f0622009e8d73d5e1ae861a1a11e376ff7e4c2d4a61072d2f40f5f9b675218c0fd40a48c39446dbbdfc22b8ae2c9e4c389da761a57c30652c6", 0xdf}, {&(0x7f0000004380)="29ed15891694907493275fbe48e971d3b07308b7dbc0efcf145ef03d9e367e5242338ce46307f3eb00f8f141fa59650ffa02790cbe7319460911891951bc014a57cd56fb1cc1eb8984aceff88110fdafe8243ee286255eccdecdfecab7c47ec0fb534163f670db2cdc7f57", 0x6b}, {&(0x7f0000004400)="60489de84a42639185ec7cf1a5d38a1d153bb6e9bcf92e74d52dc301c3363cf32c2a90c75124f209616c254b32f74274594168e7ff19be5baa86f81b41c3a30a88b8e2b450000b643766aaa0009789e1e612d5e020c210b5766ab5267cd93b481f43baaac69e9b103e2370d1bada175770f689ae977c1a469c02b7aa88b566d9fce4b5a2a98096dae064a4254252e62264", 0x91}], 0x4, &(0x7f0000004500)=[@assoc={0x18, 0x117, 0x4, 0x7f}, @iv={0xf0, 0x117, 0x2, 0xdb, "2c6e02f68c343dc3c160ef7ee6d3398484d50b9497c1bda894035f277c94b411a34b5208fabd0835a2aca09f1bdf1e39f6491a6febed8e3c5cae6aeeb9373be6baedb68aaff2a66ce1db02930fdf5adc79db9ad9668be28bd800d78d8b4e869a4534e3237c505992d0dd4ddc421cf098a5abab921e0f09c84635e11dbccd1a24c0653be8bcc8e2142b48a751541abf69b47a14d4b86e14202aeee328d834cfaf7a209ede0dfb5176bdcd28140622991df3c5423c598d97284556acb03e5b172cdaa3660add0db5509d74a86de47bfd3449737deaa3285ad6f38455"}, @iv={0x48, 0x117, 0x2, 0x2e, "b70e19c3d50df4a1b563bfd197e869b82f13f40ae7f085216d87a174f51aadac188e0c7c16c2626f6bc3e6d0e985"}], 0x150, 0x800}, {0x0, 0x0, &(0x7f0000006700)=[{&(0x7f0000004680)="2d26e16ad7562432536de677acb2ce31b58c57d80538ee66a92003e6ba5b127d06764739dae3889afefb21d4fd39d0b01817d2c8c2b1bf8a02029f59e077c47bbd00715095ba6e9ea2c6eaaf4a4c6e43be4cc8d0eceb7c8c25d0c38625570935bc99c4c94dd5335d", 0x68}, {&(0x7f0000004700)="bba694981bc73b607bea2f45e66ce1c2af92b513c4fed616d12bfd4313407ab12afdf9f7519b4588bac2f5d6ff8773f8e099314e5e48e798fa05935de887af530ddf24a4cffbbacb4228a1e42fa149efdf1df39907e4c573a16b6fa8b13928769e0eb1f44d4ddf54f07a943325f98372053df5f3bb74be6a579004ab7cd31e7cc2c9a4d52278ecd8da9fbbae44a16ff38eeba383327b795c3b9fab8e52124aa3e8f2cc0678043e6405daa810fe49abdddc005b4a4b4bfb29598fb0c0a4cd831ce89b5c049214e057acdd0025db812060ab4a60c8b6a3fc8eebe920aa9ab6710496e514b4883c1ef0f03669f4f22278d17e460c0a16d8c1abf04c80a08d2f7122cc81e25f3fd8693a63e42cf46c54350c7aa79322d47875a64e35226a2ba05a974c5f845c7fa5dad8a9e10b57208c1c158b9089db83299c1d1546107c7144bb561c5dea8be02f2634743c2284f68d335be52cef2d6c16309ce8fef5bc09ef0784d89be6d5ae322c6cc4f5852e1166b43c4b567dc614773bc37dc9af64e29f1921511238466a7842e77e5eb29ec96f9860b91c573cfe68cf998919fbd2da1e44d6fd6bf859d4cfef21ca1f1aa9c39b86c88e8b1b27dd6c8893ad05095f1e170d80ead0a210ad0a1d9212c348dfd499d76a0c6dbdc98c3488d672598a18b4e8fd37230eb9cb8c9c73e613fd62f7ac1f5ba927d7bf7ce2af1e88c8465b9b475f08ef7d31153ebfa32f99b1283be749ad3357dd27935f66b51fa215466dc7f268750909b378443beb4a3e6900f4ac6d2d40b377c32400197f172b6e644fa9fae676cb5fd8ffcc99cff26c0901c39da24108427c73661f487af3ef814a708070e898ef027ac50bf5a876ac871744dc28eab1b7178daeaad48449fe98c239996f8b18df39444ece615a00f68573a0aeeb5698fabb8361978e51113ced12bb9b2578c2a640dec02637b83311c12bfd2a74230e23f3f005ff3d9a42918c39c7cce2eb1124d740806874bdc1790d42382f59a18a12bddfc45e856c757522166ec4b3f3159a34b143e042790d62762d07ceb924db8c22c692eb4705f9af85bf8cb40af7c3439cf4dd378121132363715759e5f33ce5efd97b608abacc882961e9e0b4ccca1bf3392c2674470ccc80156c484813c82153697c2ee7377a362789aa8f62df32d6998b78ad3d37700761d75842cc72b7f5126ce216a45b7be2b98aa150cc1364d4c35ed3a5f8b1b557d4ad3eddd4a5f41296969d99836b4fc5e1a982707d8282fe169cea2d4faf5df3dfa31a59258ca0a370c220d1f8fd77163d96f011f3a6adb457a50e42c6b58585790f97b22859d3a8d32f0c2c3d68541c10b7e706197ba8e6bfd9c6b3326a0707861268d93296275d7b540695e0b0803e42bda61bce73c3dc25f6262ed7c753f3d3d5b438334c54cfb68bed41481112967b71ffe1ecfefad8f71b2066bb3626c4cfa0694f4f90c051cfb71bbba309b4c1296cd17671f27327b592e9296ba74dde4c7141bd798c37d789b103b85afc1e7e250a2d2131464aec2f0d3508cb5b1d8e34898157afbe8859ad58085b5c5cc0384ebc73a0a2d562352728aba1b9d4f42c0bf571ebfe006b41fb56be3a5b1754ca9d417430454aaefdc60edad885cea9b8c5d655f09dbd35fac23b9d03ad66dacb572f4c153f9c58007b6f8fbaa1ea6a811700339253fbe82928bec556bcbaa406d0e98f079ac148d623983b01d4b315db33549310f1cb32c0746d849a387b699fcabfabd7654b7661a2c92268efe0a606b1e26b9171676d7e5f878db57fe80440058f70dab1f6f394ad76b225fa7b23d4c2799b7305fb22eec9fd1b5e01fec8b3fe976c4b3a61b49791501f90786482c203629b2a18fc05310679f06f95e01c70f5bb35f4b18f266b88cc914531685e94ab2dd8e7450cd26cb3c2f97c0ec50ba34ec03d8b4f7201244d8b908a7c6f7f23aaa6165893dfba520ea288355c865d1d8ef4d526b7c81b5f7b277d338168e3d4df0a8abd430e6b0267433dc1100004d0416f66b8cfd094cf863ae8db3b1e6e3ba2b0711988f7926a6d5d8634151ccd240bb95000a5b8cfac88fb64bd08721178b40ec664ac8fd4de6cc032be6c2378f785b6c4119273c9495c5e9bd349956e4843e519d16406eee624c29a1b6667f7e39da1f45e381e1bc5246dc9536a056e7d509d419934859fc6c4baa3ef8d4f97338caa80b5eeaee2e1c88fb04dc808064ec667709fe262be2feb98e5ff41f9a3c57faa7e6a9ddbd82b272da8c736e8d4f045aaf36941055eddf6750ed95744ffda06ab0fc5e540e5ca87d329b4b33589da43b70f8d1b10c3d1db694634933130a9907b1c884a07066fe4f8ccf4dda965a98ed0b24eb2ef9fa4107fe0d82fa0e709de0d2bbb048dfb9b0f9c4b081c2e8e385ac2c71576582a42278e964437fb57bdf8165113eeea2cb99219ff3f080a49d8197da44e0011facb034736c0d55c3cafba293e0cae5b8d9bed4699b88c16dc3ecddaa662cec86d8c84fa62493a2360c67790fa586dbc076a55b37d3c06d1e80fe4d134475a21484484eac4850e0e0b3e66dfa4dc5a7c5bc25fffbb78a3a22bcb8820ba7181216e564f4c2ae9c931a7d00e723fd6ea58c360f90e00d4e0e80055a7eb3cefd10b5a37b2b4e228b03a29da7fb585a45f349a0c54a99a09557a19c153a21e15c1082eafc8a2322ab37be88871b00349efd0a75421fbfabf9916f4340c2ba5358450380de9d56761d5fa195a64c4c463ded95a2771a2c411408e349336b7f471c7d7faae5e09195acd28d1dcf9974e1687777d77cdb81812b4b71f01630f6fe4f2a83c3b5c1b4f5cc66527d8ccefa35c161c7075f2807ab828b9301cb944e6821b1a5df4de2b07a9b890e61dae339276336297f3c66cd59e67a95f0377e9a9824f002675c8dce89258d3f5f4c834d2d90029cdd040e8a8ccf81f87bf4c2d43506b2f5bc78392be289b1c99b0824d314ce54b6acbb5eb1f737e387aebb62743a3dcd93ee723942a663cd8cc9ef69c4a740eedd07ea57b084c2d1eb87977c14fb92afefb5fc6f7982858edaea56bd4570dc3a3eaf63e79f0fa32b9caafefe24fe5acae0093ec06fb3bb93cdb74df8a9643105c7b603a929d9e4aaaea5f05582d05693db7519d807c1c5640683b3e457ddab1ada2828187bdcc8f5702159408256a274a4959e114ecac44e560af7c7f97baecf918203428102c052b0fb6a87f3e564bb6c181f4d358a9580fc20f2ae500ea1016b66d912a3324d746c940e0754909ce5da5bf825cb10c99be665819c8fd976d7cb9b98ec71cf09da2ac0e716c83d3eafaf5d11776a87d2834ce42e88b3af2acf8ca490d1c4a4a3e785a678a29b0001553d7efc517345a97defef27bb180b15fe443949ba0d0303724e7b06f2ae4a496563155686901165b385c1f591b9daa3585c15a5f826f3bcb84b936c52545d92e32fa39426962b92cda8ad9212eb83a3e6f0ffaa2eddbdb23b991835f1b79684e6b942d141cba4dd973846a158afc8d3a03490bfa3889d1966f01bcdd5d5a3ee2df5c6a24b3b1714878e074c59752143bce9f6a54dbd485c3381a6cdb21b51c0a240601f59c89e5261f86737a6de21c30a5de3323b9e499378da2f9c61e57c8c20ac41477ab84014ca923c3d82f8cd0804bd472779b6f66c3b9bfca6889acef3fa9b816d5dd23e256c47a79fe14c999ef5b70e752922ed13659518886cf0e560c0aeda97415c602db2595089b1d9fe362ac479e5c9ab59b04f7e276db2434d0b285590b71833328032d18afe44204e4ce6427723d1035f935e3f8a94d9d6c08d9914c44ed1dab0b5865343b84f7722b2499fdaf2562dde0f2a7c5410065d195137d57328ecc5417b3ef58881faa9088561fe939a81d69e76b92edfc2b6443268c356210039361e2bf45146d90356a1ee2ccd69be315aee42a1227cf56157cfec33b628c704f168dc29facf9f77165c67885854094923ad490117f8bcba8734c59e7f77cb39fd63bd9a0c8e13e44f90875648c469b347713594fbfb7cbfe99b31bcaa5b6876448b34b24683b4aff4399e858caec3ee50a290d657a22f83c6a1450b1dc65bbaa3b86e0f9687b6e86ba1e6cc2777ed3a73a9d49a566767de4266e40086cc9fa0da74f596b4ffc3ed9bba14d6b3fe8d38d74d1cbaf3b891c6715efdec3353fe8e68e5e2e0425e135878f1801a4da5a603767e983b2ccbf6534f7887efb88c2c659bd74bff19940f28117307a5712f3d35efc8c3c9b9fc8b3034f27df877452a3aa33c420c8b14718c80f79ac4d90c19372cf2c66787cda93d60e9950dc06180445cfdbbfb5eb49fe0f50bb6ed23605794c2b394753230c1570dab4310db2995d4ee01448147b9416c835ad4fa3f3f1b43c716caadb5da63e9982dce8d1ceb1fa4da6bf8b39c3854e1e13d482ba34f9915be90bec6691445dff1b4dbdee5ac088c8cb304993d9f590db589bba2ee4ff1fa044731383f22e9ac54e7c2931d7ee2958a987476c683fa50ab5a7ba157ae3656a746b081935b785ebc8fb4a058214c5f76fca9545283a9ee501044a4fab87d116b7c5b77f8cabb143dd9c22ee4d4e6f263a430f19ba68dc04185a35c69ae45d7cf4c16ba16775652651c9b6d4638376078700b9544a830ab7e81d8b06f9b263d8a369a81972fee484d1e80af8927ddf3e7e27919ab400d2060233334d8b2b7be126c18285f6ecafcfa56438c605c4d1cd63df299fdb42b6a6f930d31b465bb7c6364ca63511a7f95aefc2e2b2b3f684161f30b1bf48eddba8b865a9be6db1c7a932d0d2b3091a9acb1dd610e546a549a8e8abaa995f88b5c2c594d3422fee53c39d5b42c81fa59d0327b282b1aa979ff5db1e14dc64317293cdc4e1b6787223a16c03d60624343e3fbed0715fcb0247ad1ebf8f71547fb7c884b15315f2c0f9cf207d301068217609f951b526b466320d9d98bf1ffafa326c614a5f9a6d21f6a9c483e87590384d03735862a19095f205cb4e2cbb9ea54e21c89f35f6bc3610ead852b0f5de67eb1fa6c6e1c145e298f137d16ecdfba786749dd28de452f2b5462702d95e591935c98e812fbb1052853856e5b21cc6e86dc60020bb4ab9d922ce599f7ac8678e4605cdd8b8486de906ea8b5614577c296f08d39b0f72744668544285a92e9adcc4ea420841afd771f79684f186bdfc072aeb868ca946eabff174e130ffcda575f98f76f6a185dc8c3c33d7e570bd5d356ed3b0775575a25fd4106286f97182a2cbf56fb696af6773c0c961f83d9a8b73525113408ba5595c5d31b90a2520b5b27ed31642a0aed57a89c4006a110a05f8fccfa4b4809a26d3067780b11cb14e94bf81e98a7c3689977a9f300cf050b5354202ab2d6ddd85f5ff6770d46762732391171d13a4b70a822d7fb56e98d92f7c4cec24f1168c4916f950b7ee51fa79acea6410c0c0db32c219ef8a361b93c6361e4d23c347c9a06ece7afac18719912b0fbf90b7f41fcd2fe1a9ce12f4c54c72462f2359deb1fad1c2a954336f865661ae41f1de94a1f05385e77bd31f5d2e6ce2c61e7555ccdb52531d5707767caaabd7d04fbe52af0abb8d54530bcfdb105c1bf2c04a11e8e19353727f7e1b8164568f5d959229096b2775f3411445425f5e4b835a197403612e1cf29a33ab46b4263f70282425d14ba20446dd64a385a96b744467e985cf9c283d261f423330afa3fb238126652a31c5c8e295958e80e3c0288d45ca40f4a9ad38e6a207131485f37400d31d8d39dfcda31d27ff46bce12aec15c87128967803", 0x1000}, {&(0x7f0000005700)="e67f01faa586463eda17caf37c2396e9760d4bf5ac184cae705a2dfd286cde7372acabcc133a91a68564d75e93739ac8267d26bfe04cd75ec6adb055dd1abafc7e08d22c3891edf6041b249493c3f97bc2016b2edcd54c137ec3e794a59aace954317977643670474d31661f618ba90309233c641872d8f00b090b882d89e6f4ced3376a5762e9cb78927fd1e77edfc993d698abd45f63f9a5059d50d47bb879ea42e01e23498e8b9cc94c7558c5a1e320f1a84ede12c6fcd16a0f913c16e676dc3249faa2fbeb3a096f615cd95b150c900090661d76ac9ad79c088a06d52a688f061023afb69843dc79a86769779adedfa19e88d74488415ec3e6953cfe5d284d20fb6e60fd0357681ffd1102c853b80df084faf6742afabe743d9dfaf3a44805285be0b52d01d62aa6e4c477c89ceb63c361e10f16e6bf1463e9cd5efae46f3089f04950f76aea037eb733835cd0299458374f7924b6de0c91643a8de47ae7cdbd7a171840e60cd459f5a9ae9524e304e8f8b096b259338f17d2d4eddb856b8b22b46774d70390e42bd63b6ad758f9e99320aab0878543a9298d509491d212391a2df9591650418d47f6f1d5bbf78b9948704d00ea6703e169a49fc8761ca85a9d9b5426ae62854e8075cb1f916af146b843a51694bb354cf151f5b04cda94271165e7f57b0b3ec4e1073000fa173eaed1656f6f3311b1b8dfdbd7845b11cd8a2655c5c7486dac67300e889a83dcc1cbd2c966e3a465ecdd38bb264f29e896ec3ea027f61af65060e9a60365dc8939d6850c1c084373cc171f5091fd5d6ba4fe7848545610e9034c4d42b6707b21e3b5ed6a1a3665c0db129af7bb85d259b6a89652ddd5c06390f5d685e05e24cdf0f518b3263064ef566702571e158d089690b0b40ceb2758df986676664888a4ace8b1e295b44b36ca3d9580b35624d3d702bcc0583c9d7d8a5ecebe21138d0d9513a44809cfa529cf0475db9b8b82a54bbd13c0d4837032b5344888062a727925cb9602b3c6ff9e6e8e5a09a255068538c57e229b07006033c8ccc338748f156e6bbfbc3a475874b0446231dcabb87301808ef089b9fdbfad7a0554339c253f32bf327534d78d443f1776c24a9f81fab8f314cd6b62cedf6e5c3f959481653578967ca4be9da2b5ceed6874acd990441840e7a9bbd3a1874f45c087b908973c4b459d002099de5148c632e37fb5cda36e04b05bca1839bd29fa10abf984d88b67a72c90495200bb220433737fd4036cd21951f96854323b1afd4bc7cee7b2786c5af191c323d1e66d428234d4612cf7d535d9fb328d1e353948f5c80410264d682f390b397df27c891cc2084b068e75da538ebc614ab5b2fe29fa1f8a31af66a934b6c45686dda4c1cd071d76e1b0dd054880fe768bca8f83996495737aad006ecce528d3228d430a5d561d57ca47a14e8998b91650979a02f73a530798a3440c4af1dcf1742100a0161fa41daab9ce99d05b869ce3391293c08c42e1db0a73407037b9e4001d042b60ad3445e05cf95c8afc649a39a8e179aff59874a7f0cef2eaa55718eee4523f2f20980c151a65c6729b62c868068ab879d4bb7e02918f6f41ce173f6f7e269b62b536fa236d6e77a64754866348511b0caa36d95b5d3d4258256e02abc7fe533a4dddc42b525676e4a246e7d40dd533bb8539a44f8310acc2a0f432984df948d43fb14dd66adcf5ff8216e1fae082715fa1a36770d37f6bf306b4edc6390b1900801934173946f65ae9c3af7edfbd3c28436d65fe855cc6b72a15b3c1c294cc181918ec984d85022a8c3e64709f18a1d81b7830e5d7dcb5f3d2a188bc7a679f78d3d6de893dee021f0ac55f61a6d735e99f25cf8f24df9930d20f4d9b82a7a1eec92f97e8614238be93d2c1e46050cdf823e6a8d4f6cb641c4737abf3ae5925dbe1d1442c1bf24f81da2f1015ae92cd4584543432554d25f9e7d03a55ad46a22f3b1f5a00fc4a83830f3a790e4eed83daf74ab85f58e505f44a06f22818163e8480570f69a0767d2a02e141a332174413c107e55c689e9c13e5c2e0c625559b659f04ee72f3f2155d1e6b0c6b5676f4587f39352561d183228fcb68e1b50387a5d321776adca698bcec6e082002540965c84e01e790a5a0e8ecade681654dffbf5d17ce92f65a929fb25da2d2f6fcdcc2e01e2812e5b6b53b36c6bb56ed283564e0677ebf5bb12f43b033ec3d6e789099975d078df0e723b8e3604c3d0668a43c0615077f6d29271a2e489b182a054105843da945e8cf0f1ee766f44f276bad23157bb0ef764554fdd55d87438eb150602ee86ae771283c405dcba331164fa9ede9a2feee00ee1d818083b3746841062e711dfa64733dbbba3df33b96127a4d300e3c2b1459b56f0258e53f9b0a92c5331cf4ff0038926023811bd026f6724765acce1c00c22f103776ad2be751dece70201d0780026233e3745dda8b92f1d8aa8e7a5ca294d877cb76152eb132d10f31dbad7dd5a71fffbe2aef1ad01f558e56428c7a533e068a422fd481f356980884f8026751a3a21d3294e4f5f0cc3ed01c732ef492efdbb5375218c19cd95e88d70748d7523ec6a436f89dfa2649887911b3cb7541d3e6410c7b93de2cfa4391e8aa6c138cdc33e0522fe2095dacf71e5b1d70d5f7caeafa9c5c4bd79467c843c99b466187cc2c38269e5e1a02ab2d2923360c72a7d673484606bd2d49094c384812b93122cd9a1fef90ce1f361c0930d05e08055ba7acfc4e8dffd79ce7df727117b71121dfbed2b73904d9eef42f6da70561211af287143b5291307eb9c4b7cbbae000714ee829f708b103d92df30d0a907b1d04ca85e6421eed6b297816cbd0f446dab58899ccc2d1693e47c870558f89eb161d4b2549029f6c924de86369505d28e9e3f2da1a6f050f9aa649f2fea789e6745b43b8ff3b9da0504c67c0974f55a854556472fd4502bbf9779f60045bf87fb3b3f9d78391a400bdfc7a52ed4160b4b305e674ce2eb962154479fa02eeff78ff09e76fd393afd2b4005989bafe794682baae8026316217a2c4bd9c2c24301a05bc38fc6fe85a8b9c897b3cc6c0813e9a628ff92b2ba753fa34b2ad893f5d1a389e4cf5b44d372be6493c5d0fb40d084ded2bb6cae3b4814eff07950387edc7a7876634bba814c14867a044909c8f6f4992422ec77107f6c347cd62b1a16db9cf01606b69aa7bbb256c1a33227e278adf9141853f243659847ea3c646da0d1f5b346bf89c25a8110448d98ea4728488eb4fb0ac48cb1d6f9389bf2fc9151e7a28ac120212911c31f6eb8518631fc5906676bd769c7499782ce33d406a26cab24be82edc3e745b316c2c48ae92e00875545bd3f995ae80bfd1dc5208a930ceda08f10b71b7fe023a556bdc827efaf067c9a2ac04a16778a5c2803f29a52d2d6dd9719564b7784924b37b234573346c076d4483dd32688654b1e511f54d7a8cf67f6e49d105a7bf867ff478439533ab71a615d22d47e430418893415ab82d25e20018d82652272f8c16b5c74a5e9fcd4e4e73b39e5a5a062fc3f494ca68c7a902171f068a75ce2e3540cc9405abc45a9fdb9c9b7f5bf9789af241764a0381872de6873d3dd4cc230ef56c5d15375e911e413bf23dafd52a8100f9784735a9d3a6a3ddd7c4e89b5c4eee4c4d77fb84f61eec77943bfa1a42200a24df9222f39ae39431fca4b9ba6204a1a4f909105f6ca467d382fb9f10dd9978359d9e3d1bcb1f93a0801dfb341a130cb940bb580658b8befacc26e0bd0d9de19f5eda2908e165c20c5bac403f08c9f12940d679fbd681c33de493a9ba34429b53db27a16cb31fbb661b066fd66943512c38ff36ae2e40fb66e318ffbf09d4caf9ee7a3195abab7b8e84a6c0f7b7e441e11cfb593173a79dae98fe57b53fd150d352f46e8eb9d20b876f2387b5e5a2b83f305b8be9054464a61931b61c21296af27a1d4509de933e289150cd93255fe42e9f85ff1189d51b123d0821894e710dfc01619d252538a6a76faee5c49673e8a03d09e4c4191c39e50c9f35ef912095bbafff19693dc51f4ce2fde575d6678c255701114a7d7a74d6b73cc8f013e683446a40e31d7fc8d9d3cb1e214721e2e252c34110c1a4b76f434cc8e818a4ae9dcce809d177808164d0fcdeb7fdee048866b7c1f9ee9848dc8083f820d9b834ac2f69abfc43ae2169f21a230704eba16ee4016d07aae1087b8e60b0b4ef963a1fa335e12f0588363207d79a1601f95f40a77b6d7522fc754d2893260e399d7965810bc229869f4d1933125076a0d9f34c7318c528da9627168e65a18b0d0a9788c9347ed518df85b2ae771fd976a3a01de2361050f07b85a81155d934fdd5adf2258957b224f38aedf339903050156427d4465f006a7374ac5a46ca08ebf35a677d6aa6d08dc6303c3f70816d6425d1ed29c15bc374081962bbcc3ef75e0fc8a9026f5b8398786401b2138b08ebfe0952e05aa29e753bc003cb107bf34cc921db5b9af8ebe468489546073564456692fbeb44e48ec8966df8f90cf6f9f91df82868f8dab494d12d79d8243db282de59d9a6387a0b69e816f5ecedb933e59e64d60c823f89d3ca74a9fbac5be4cf03a2f3605f8de887be4630fe2db857249edaff9e82a4755687bf82a9d4d36617028fa3a65884beff07638bfec6bc0aabe37546289bb931dcfa528e3294d478f4515bc3c0c86b2c0358dbeb96c676dee34a6e9a0c5d67a6fc9cf6142db816d0ece2178f0f21e38926cb913886f190467021653779c9b5eeba3d7efc1b7dce7fee8eab9a98d8f590d6d12bd75571269e8e8e8fc368470664a2074741f30b99d21cbdf4f748886e6c0c6e93773fba3514575d0c055442f8c7c4ade268737af63f8abfb1c219657ebd0401a12ea1e53d24f566fc4daaea5d4dcb8eb6b9dbf7f26ccf60aa1d806a0a25320f46033114ec2ec669619e43e61b978a32c1e9c10a0f0154c881b6994d93012e8a39b8f5c49473897da06fdc6a3105690823172ddce4b545282740b75f7b930e9f633f05a1f4ad1e4bafbe0d5154c76c217155a521cec0f64c52594895a26413e575e0eee249c40f2f71fff8a2f771b53a8ae2c330dc78d7428b151579d28aa271ea1fa753c64f6e6547989ad14a6a2874e5c54bd7683120636ed9503ff29084e1540d61bd09db8a861674ce16ad0e6f5c84da4e744a9c422fab72f97997f7df27b05896cc4097a7cab01a819f3b9260965b86b0d0eb8529bc84e04cb342623b385a3cae3d82e232e5272e2dbf360b84353de09e2352a14ac653250f05aed156e4f0718619ee517c980aac8ddceda39e9710f817bc1dd82dcfbc42f9e68590d34b358dfa3cfe5bca76a3dd5091397769762080bf2b28d9d91b788cb3c0f8f99bd6001c2424d5ded33e518f39911410653c193b634354778b782455f6875dbeb082165d435f54b45f5a225edb871e752e888e718d49c718c8b122d15f868b7f2ffc6b88107b870117b2412997baef291161f393f37bb9dd51fd09edf01f8f4a728bffe38c08e1131495aa96740a71ce8ad66f86a13636fe2de649d63d3a42b1664b481aa0c5532de7b0c9b8cf611f9393d63cdd10ad9d2d79be59bf3b6428625ef2cfe27741175ba68ff4feaa01a1fda0b93476b97cbd7170dd7fbf07234f0cddaf0c9351c5c1e12fda8abc6d166a51d99d26e47d1feb0a0f70905234fc49fa11310e50b34cd1743539d51084f1ad493eb5b3a907f07b881b7c39bc42ce4f3e790aa4c165fc501d3fd5692376100ec3885190dc131690a5", 0x1000}], 0x3, &(0x7f0000006740)=[@assoc={0x18, 0x117, 0x4, 0xfffff800}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x7}, @iv={0x100, 0x117, 0x2, 0xe8, "f0726cd7685261a97ce011bcac6e884d006841843521bc50956920ff3b908cf48752139865f531cd293ef3f989134efec974a1f935e829d72900bb173f45e7fc6be3e0a4045ac9d85f67eff22c166e85b300b75d69eafb452d9ee5427935abf7ecf12e0b4b7d3e2a7072c6df32a2ebc1057ef5e331d7fc0c93c156f49186cf51d644b71bb9e07237be1568443d9c9126def5c79633c35847f786524dd6b531bf6962895b089c620310db4c8335040d497989f6bdb1beb793d4bf8a11f2708faa916cb8bf219ed2fb31ba1a22c3c754e88299f162e68ad2ad6d43ab667c78dad374b7ea42e4b89e9a"}, @assoc={0x18, 0x117, 0x4, 0x6}, @op={0x18}, @iv={0x110, 0x117, 0x2, 0xf5, "02680c3d4929e9afe7e655dd30a357066d299fea9c2f0f4ec1a3f33326ff661366ae2b2020bd624ee6e6f1c321e800af5efb966b0ef5d3c0338a27cb886f38bc3bd3040b7bce2c8b9d24b33ae2b0043d8960b44f4e56b29f9c03977f82412404590f283382c5ca794b8c9d0e427144a73003c3f7506f45c904b4dbf457793e87d27e55ddb29c5d9922ccfd23f811e95feab44e099cae471321d041dcd52743239bf387cd69abdc4faf6a1cfd4e7c68cd6ac2852e415c90881866970bb17d2a215bca4ab4da941ce55498a120b567066a4eeb31512e7fc6761bd2ed9c604f2f0038f9798a25b8c42365c4f5a2b60fabdea4fb428bed"}], 0x288, 0x8004}, {0x0, 0x0, &(0x7f0000006d80)=[{&(0x7f0000006a00)="756e4f688e9376bb02ce5c4036e10d777dce9c5ee5f8e1f787ec8057a4d8e15ed8bfacb301fc0ae2a9e7cf07578feecaa859dd00309d2460fb67e24efdff7b3b6cd5316ce4cef712785b64834f4de11281684ec97042e3435f7a2c0055afa440a166b791c4be84f409eb59a97765038c09443e723901988d054fc6a7666381982c1850abd555f83c2e07f0df33b8a0a894d0ab2571e8209572c4f147d288c2de4fc5b4ee8cfa1d3c25bd7a2c9eec7453eebc5bd7f3bd341e1db5ace653c8b0ef241384d6c53310528839bdc9a75f", 0xce}, {&(0x7f0000006b00)="7ab9c6bed1169d1f159898de675b7ef2a823114d456ca831547c0910736fb88ef36af660b58ca3ea694d436f37ecf3c9dd3ad867ba8cee1b0cdc53d86aaaaaaac2f2856d9cdcef44f88b0dffed75e23707df8ecf75a273643faba1f576d31318f2e1707a55e48c7b9b49b691293c5c0d53c059780b709817e5aac7079b9a60ce684d5a91c6339f8b3c725a86b7591f5cab51fdb05798c17402d2336d7e4e8fddd076055268b2b71a09516d0f259124acc7a68c582005", 0xb6}, {&(0x7f0000006bc0)="a722ec10df607dc3c59d40ac1b06bcac2363fc36c2959b5b7722c92ed1323d122ca577538a90929cbe67e17e86ae15a7d5b487d523805b42618ffa5316568ca84094594dda7a0f04aa0277449c26b463ed59d853e88ace399531fff88393b5641ba1ef36321d87497d5997a0a403fa3d223acfb9a5cbd28af167d21aad31bd1a34266dc3f1ce52979f9937fdaea2b45e843eded8d9063dfca4acfff55ceb1fc610b7ce55a9a1633fd4b46facdaeff05d38d1b605d63e4a87438a46285a8c6cc74910054a26fdc4f3196222b26ea06a0fce1ed0dced0881356de87da83c932ed7edf80937f5924f20adf45a770b", 0xed}, {&(0x7f0000006cc0)="4f8a8477025d4a5b9fea10a8fcfeef397d89c7d72a7d80eec2913c4d75819c67c2d98ed0dfd673", 0x27}, {&(0x7f0000006d00)="218ffafc193e14712c6d79a6d9fad6a3231edd7673de79e3373c120e849b87181058e4893a1eeb1426c1", 0x2a}, {&(0x7f0000006d40)="6092273660b798efb8c0903f2f", 0xd}], 0x6, 0x0, 0x0, 0x80}], 0xa, 0x44080) dup3(r7, r6, 0x0) sendfile(r5, r6, 0x0, 0x7fffffa5) 19:48:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x10100c0) 19:48:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xc000) 19:48:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xc100) 19:48:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x14d564b) 19:48:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xc200) 19:48:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:13 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x505980, 0x42) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x10000, 0x0) ioctl$TCSETA(r4, 0x5406, &(0x7f0000000080)={0x3, 0x800, 0x2d0, 0x9, 0x1b, "1a78357d49decf14"}) 19:48:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xcd00) 19:48:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2000000) 19:48:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 605.947528][ T26] audit: type=1800 audit(1587930493.546:558): pid=26609 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=301 res=0 19:48:13 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x210801, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x23c000, 0xb1) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xce00) 19:48:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x20100c0) 19:48:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:14 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) socket(0x10, 0x3, 0x0) bind$packet(r1, &(0x7f0000000080)={0x11, 0x18, r3, 0x1, 0x7, 0x6, @multicast}, 0x14) r4 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) ioctl$CAPI_GET_PROFILE(r0, 0xc0404309, &(0x7f0000000000)) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r5, r4, 0x0) sendfile(r1, r4, 0x0, 0x7fffffa7) 19:48:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x24d564b) 19:48:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xd004) 19:48:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 606.688022][T26672] attempt to access beyond end of device 19:48:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xd901) [ 606.760803][T26672] loop3: rw=2049, want=130, limit=127 19:48:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3000000) [ 606.810108][T26672] buffer_io_error: 14 callbacks suppressed [ 606.810120][T26672] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 606.868484][T26672] attempt to access beyond end of device [ 606.907498][T26672] loop3: rw=2049, want=131, limit=127 19:48:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xdb01) [ 606.934104][T26672] Buffer I/O error on dev loop3, logical block 130, lost async page write 19:48:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 606.989851][T26672] attempt to access beyond end of device [ 607.016124][T26672] loop3: rw=2049, want=132, limit=127 [ 607.041957][T26672] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 607.070206][T26672] attempt to access beyond end of device [ 607.096693][T26672] loop3: rw=2049, want=133, limit=127 19:48:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x30001c0) [ 607.139133][T26672] Buffer I/O error on dev loop3, logical block 132, lost async page write 19:48:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 607.190051][T26672] attempt to access beyond end of device [ 607.217242][T26672] loop3: rw=2049, want=142, limit=127 19:48:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xde01) [ 607.252945][T26672] Buffer I/O error on dev loop3, logical block 141, lost async page write [ 607.290424][T26672] attempt to access beyond end of device [ 607.327788][T26672] loop3: rw=2049, want=143, limit=127 [ 607.347393][T26672] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 607.421829][T26672] attempt to access beyond end of device [ 607.456906][T26672] loop3: rw=2049, want=144, limit=127 [ 607.491940][T26672] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 607.549684][T26672] attempt to access beyond end of device [ 607.555420][T26672] loop3: rw=2049, want=145, limit=127 [ 607.577310][T26672] Buffer I/O error on dev loop3, logical block 144, lost async page write [ 607.585941][T26672] attempt to access beyond end of device [ 607.597335][T26672] loop3: rw=2049, want=148, limit=127 [ 607.603071][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 607.603089][ T26] audit: type=1804 audit(1587930495.206:562): pid=26748 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/467/file0/file0" dev="loop3" ino=303 res=1 19:48:15 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x1088802, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000000000)) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x30100c0) 19:48:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xe006) [ 607.661280][ T26] audit: type=1800 audit(1587930495.236:563): pid=26753 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=303 res=0 19:48:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 607.837586][ T26] audit: type=1800 audit(1587930495.446:564): pid=26806 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=15934 res=0 19:48:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xe100) 19:48:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x34d564b) [ 607.902023][ T26] audit: type=1804 audit(1587930495.466:565): pid=26806 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/468/file0/file0" dev="sda1" ino=15934 res=1 19:48:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xe803) 19:48:15 executing program 3: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x2, &(0x7f00000000c0)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}, {&(0x7f00000003c0)="67121039c83a2ad7df3ae782c6e12accd40db7afe60a1d5acbd6de7ef8314a0d8eab2cd7d0e6e95535450cb7eb4f543a41349bb2eea9b2e34b06c37c2a09845bcacef9ee79b7ec1451fa891d23b54f04961afeaf3353aff2cf897cefe0cc98f5c29e78babaa38c297c4b7afb01490a83143cffca6d4f94bb476ab245c39cbae2b5cc73de26519c7def4967d1143d333c856cb897de9ae01cb7277adb1ae05404f33c736df31e84faafe43c8f356e27b030dd737507a957636fcd7f669a7dae139af4", 0xc2, 0x7fff}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) socket$vsock_stream(0x28, 0x1, 0x0) r4 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r5 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) dup3(r3, r5, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) r6 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r7, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r7) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) ioctl$FS_IOC_GETVERSION(r6, 0x80087601, &(0x7f0000000000)) 19:48:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4000000) [ 608.354926][ T26] audit: type=1800 audit(1587930495.956:566): pid=26848 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=304 res=0 [ 608.401382][ T26] audit: type=1804 audit(1587930496.006:567): pid=26859 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/469/file0/file0" dev="loop3" ino=304 res=1 19:48:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xfc01) [ 608.534111][ T26] audit: type=1804 audit(1587930496.056:568): pid=26848 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/469/file0/file0" dev="loop3" ino=304 res=1 19:48:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40001c0) 19:48:16 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r2) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r3) renameat2(r2, &(0x7f00000001c0)='./file0\x00', r3, &(0x7f0000000240)='./file0\x00', 0x9) r4 = open$dir(&(0x7f0000000300)='./file0\x00', 0x452d80, 0x4) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r5, r5, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x888080, &(0x7f0000000140)={'trans=unix,', {[{@msize={'msize', 0x3d, 0x3ff}}, {@cachetag={'cachetag'}}, {@access_user='access=user'}, {@version_L='version=9p2000.L'}], [{@fsmagic={'fsmagic', 0x3d, 0x605}}, {@dont_appraise='dont_appraise'}]}}) sendfile(r1, r4, 0x0, 0x7fffffa7) 19:48:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 608.695488][ T26] audit: type=1804 audit(1587930496.186:569): pid=26875 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/469/file0/file0" dev="loop3" ino=304 res=1 19:48:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xfe00) 19:48:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x44d564b) [ 608.954136][ T26] audit: type=1800 audit(1587930496.556:570): pid=26912 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=305 res=0 [ 609.096768][ T26] audit: type=1804 audit(1587930496.636:571): pid=26922 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/470/file0/file0" dev="loop3" ino=305 res=1 19:48:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xff02) 19:48:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x5000000) 19:48:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:16 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) dup3(0xffffffffffffffff, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xff0b) 19:48:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x54d564b) 19:48:17 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) close(0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0)='nl80211\x00') r4 = socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'virt_wifi0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)={0x24, r3, 0x11, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}]}, 0x24}}, 0x0) r6 = socket(0x11, 0x800000003, 0x0) bind(r6, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001400)=ANY=[@ANYBLOB="64d4a22beb000b0fce00"/20, @ANYRES32=r7, @ANYBLOB="00000000ffffffff000000000f000100706669666f5f666173740000300008802400010000000000000000000000000000000000000000000600000010000200"/76], 0x64}}, 0x0) sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x48, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x5, 0x2}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x5, 0x3}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7, 0xffffffffffffffff}}, @NL80211_ATTR_WIPHY={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x2400c040}, 0x100) r9 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r10, r9, 0x0) sendfile(r1, r9, 0x0, 0x7fffffa7) 19:48:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 609.931198][T26988] attempt to access beyond end of device 19:48:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6000000) [ 610.001679][T26988] loop3: rw=2049, want=130, limit=127 19:48:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x10040) [ 610.084134][T26988] Buffer I/O error on dev loop3, logical block 129, lost async page write 19:48:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 610.161673][T26988] attempt to access beyond end of device [ 610.196141][T26988] loop3: rw=2049, want=131, limit=127 19:48:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 610.212208][T26988] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 610.271748][T26988] attempt to access beyond end of device [ 610.291250][T26988] loop3: rw=2049, want=132, limit=127 19:48:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7000000) [ 610.378863][T26988] attempt to access beyond end of device 19:48:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x100c0) [ 610.420140][T26988] loop3: rw=2049, want=133, limit=127 [ 610.472556][T26988] attempt to access beyond end of device [ 610.501137][T26988] loop3: rw=2049, want=142, limit=127 19:48:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 610.533971][T26988] attempt to access beyond end of device [ 610.571877][T26988] loop3: rw=2049, want=143, limit=127 19:48:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x70001c0) [ 610.615488][T26988] attempt to access beyond end of device [ 610.652212][T26988] loop3: rw=2049, want=144, limit=127 [ 610.679194][T26988] attempt to access beyond end of device [ 610.713665][T26988] loop3: rw=2049, want=145, limit=127 19:48:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x20000) [ 610.775520][T26988] attempt to access beyond end of device [ 610.823405][T26988] loop3: rw=2049, want=148, limit=127 19:48:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8010040) 19:48:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x201c0) 19:48:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:18 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r4) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r6 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8, r6) pkey_mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, r6) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000240)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r7}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f00000003c0)={0x15, 0x110, 0xfa00, {r7, 0x2, 0x0, 0x0, 0x0, @ib={0x1b, 0x2, 0xb3a1, {"c25fecfb7f053137f510881e45108f41"}, 0x401, 0x7ff, 0x1}, @ib={0x1b, 0x1, 0xffffda13, {"1668bb9c1144835b077df46e58fd949a"}, 0x5, 0x8, 0x400}}}, 0x118) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000) 19:48:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8030000) 19:48:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 611.549436][T27135] attempt to access beyond end of device [ 611.616567][T27135] loop3: rw=2049, want=130, limit=127 [ 611.687072][T27135] attempt to access beyond end of device 19:48:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x80000) [ 611.742790][T27135] loop3: rw=2049, want=131, limit=127 19:48:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa010000) 19:48:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 611.785792][T27135] attempt to access beyond end of device [ 611.811571][T27135] loop3: rw=2049, want=132, limit=127 [ 611.842280][T27135] buffer_io_error: 8 callbacks suppressed [ 611.842293][T27135] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 611.876556][T27135] attempt to access beyond end of device [ 611.891302][T27135] loop3: rw=2049, want=133, limit=127 [ 611.930109][T27135] Buffer I/O error on dev loop3, logical block 132, lost async page write [ 611.994737][T27135] attempt to access beyond end of device 19:48:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4d564b) [ 612.041976][T27135] loop3: rw=2049, want=142, limit=127 19:48:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xb0201c0) [ 612.089367][T27135] Buffer I/O error on dev loop3, logical block 141, lost async page write 19:48:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 612.146754][T27135] attempt to access beyond end of device [ 612.181068][T27135] loop3: rw=2049, want=143, limit=127 [ 612.218344][T27135] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 612.274790][T27135] attempt to access beyond end of device [ 612.316527][T27135] loop3: rw=2049, want=144, limit=127 [ 612.342942][T27135] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 612.368718][T27135] attempt to access beyond end of device [ 612.390663][T27135] loop3: rw=2049, want=145, limit=127 [ 612.396134][T27135] Buffer I/O error on dev loop3, logical block 144, lost async page write [ 612.407724][T27135] attempt to access beyond end of device [ 612.413375][T27135] loop3: rw=2049, want=147, limit=127 19:48:20 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x246042, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r0, 0xc0884123, &(0x7f0000000140)={0x2, "b544716d5a5ae06776176a5cfc938c4ad44d7ede432df599607a5f7187d8d033c245cdd5d9ab5a5d4fd15d42f0b57041c26a2bd686b791e2100e53dd182b380a", {0x8, 0xffff}}) fsetxattr$security_evm(r2, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000080)=@v1={0x2, "70ae23db52c44a402d89f3383098"}, 0xf, 0x1) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa6) 19:48:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x80ffff) 19:48:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x10000000) 19:48:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x100001c0) 19:48:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1000000) 19:48:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:20 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000c10300000300000088030000c801000050010000500100000000000000000000b80200003802000038020000b802000038020000030000000000000000000000fe8000000000000000000000000000002001000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000007866726d3000000000000000000000007767300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005801c8010000000000000000000000000000000000000000000000005800686173686c696d697400000000000000000000000000000000000000000164756d6d793000000000000000000000000000000000000005000000000000000000000001000105000000000000000000000000000000005800686173686c696d6974000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070004e464c4f4700000000000000000000000000000000000000000000000000000000000000000000000000a262a468ac19ee142f2074290dc068f491e59991449d9b21985e92d178fb74a040acf116215e2f049e21704f59fc95c82eca7d40397b8be43f3067d37a412a6c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800f00000000000000000000000000000000000000000000000000048004c454400000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x3e8) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001400)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_fast={0xf, 0x1, 'pfifo_fast\x00'}, @TCA_STAB={0x30, 0x8, 0x0, 0x1, [{{0x24, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, {0x10, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}]}]}, 0x64}}, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000003c0)={@loopback, @private1, @mcast2, 0x8000, 0x5, 0x0, 0x400, 0xb224, 0x200000, r2}) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0xc0002, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @empty, @broadcast}, &(0x7f0000000140)=0xc) sendmsg$NL80211_CMD_NEW_STATION(r6, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000800}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="28fd69afdbdf25130000000809000000000000860000000000000000", @ANYRES32=r7, @ANYBLOB="1c0011800400060004000100040003000400010004000300040004000c009900060000000100000005001301010000000500130100000000"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x800) r8 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r9, r8, 0x0) sendfile(r5, r8, 0x0, 0x7fffffa7) 19:48:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x10100c0) 19:48:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x11000000) 19:48:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x12000000) [ 613.150697][T27312] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 613.248931][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 613.248946][ T26] audit: type=1800 audit(1587930500.856:586): pid=27312 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=309 res=0 [ 613.320393][ T26] audit: type=1804 audit(1587930500.856:587): pid=27312 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/475/file0/file0" dev="loop3" ino=309 res=1 [ 613.346624][T27312] attempt to access beyond end of device [ 613.370892][T27312] loop3: rw=2049, want=130, limit=127 [ 613.418698][T27312] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 613.444553][T27312] attempt to access beyond end of device [ 613.458050][T27312] loop3: rw=2049, want=131, limit=127 19:48:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x14d564b) 19:48:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x120101c0) [ 613.469032][T27312] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 613.487450][T27312] attempt to access beyond end of device [ 613.499901][T27312] loop3: rw=2049, want=132, limit=127 19:48:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 613.538144][T27312] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 613.602559][T27312] attempt to access beyond end of device [ 613.642832][T27312] loop3: rw=2049, want=133, limit=127 [ 613.671985][T27312] Buffer I/O error on dev loop3, logical block 132, lost async page write 19:48:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x130101c0) 19:48:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2000000) [ 613.714691][T27312] attempt to access beyond end of device [ 613.748645][T27312] loop3: rw=2049, want=142, limit=127 [ 613.806924][T27312] attempt to access beyond end of device [ 613.858484][T27312] loop3: rw=2049, want=143, limit=127 [ 613.902339][T27312] attempt to access beyond end of device [ 613.931270][T27312] loop3: rw=2049, want=144, limit=127 [ 613.958820][T27333] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 613.975302][T27312] attempt to access beyond end of device [ 614.016530][T27312] loop3: rw=2049, want=145, limit=127 [ 614.047094][ T26] audit: type=1804 audit(1587930501.646:588): pid=27390 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/475/file0/file0" dev="loop3" ino=309 res=1 19:48:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 614.097915][ T26] audit: type=1804 audit(1587930501.676:589): pid=27333 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/475/file0/file0" dev="loop3" ino=309 res=1 19:48:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x20100c0) 19:48:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x150001c0) 19:48:21 executing program 3: syz_mount_image$vfat(&(0x7f0000000340)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x80, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000440)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) r3 = syz_open_dev$mouse(&(0x7f0000000400)='/dev/input/mouse#\x00', 0x9, 0xb8040) r4 = socket(0x11, 0x800000003, 0x0) r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="2314202e2fc7b3cd000000000000000920edfd42dd03c8f2cd4a6ff014c134a9753d63754bab767b624285c3fb93e49a5fa3aa9f5c2fa5ada6312d4223bdc48d9bac9e77d40eaa1d18342fa38a2c3898f1ac3f8f22347bf9f548aaca97f525be06d47a616328b6eae4dbf1472981601a30696006ee3f0a8ca44ee4dbabf0e480bbb7d2e99e2647085f3412df9b0f8733ebdeaebd6ce56f12407087598a5c0e2c3c5919ef69371ddcc8acfbe0f18ac84fca1807531caf28ab8efefff61aae388d09c2209d580a42b3a340d17da5baab75f1f38b67e3b05a7fe44ca64386077822acf9c5a74231e634c5671a646a4f6ac11e767e394bdaa14c74e18b6999142af66b0a849dc6"], 0x105) close(r5) ioctl$PIO_UNIMAP(r5, 0x4b67, &(0x7f0000000180)={0x8, &(0x7f0000000140)=[{0x9, 0x7}, {0x6, 0x8}, {0x2, 0x2}, {0x0, 0xffff}, {0xff81, 0x3}, {0x1, 0x9}, {0x1000, 0x101}, {0x3, 0xffff}]}) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, &(0x7f0000000240)=0x10, 0x800) getsockname$packet(r4, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=ANY=[@ANYBLOB="64000100003d76583d886fd109ffff0000020000ffb2d82fecf28d928e7e83b815abe8b7", @ANYRES32=r6, @ANYBLOB="00000003ffffffff000000000f000100706669666f5f6661737400003000010000000000000000000000000000000000de120000bd738785461bef0000000010000200000000000000000000000000340ddb274d1c6ac9c533f6dae134e212b7ab7ecf1abdef0d16a5f0039ae54ce05cf85574"], 0x64}}, 0x0) connect$packet(r3, &(0x7f0000000080)={0x11, 0x10, r6, 0x1, 0x1, 0x6, @dev={[], 0x2e}}, 0x14) 19:48:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x24d564b) 19:48:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 614.377078][T27432] FAT-fs (loop3): bogus number of reserved sectors [ 614.456844][T27432] FAT-fs (loop3): Can't find a valid FAT filesystem 19:48:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x17000000) 19:48:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 614.586139][T27432] FAT-fs (loop3): bogus number of reserved sectors [ 614.603352][T27432] FAT-fs (loop3): Can't find a valid FAT filesystem 19:48:22 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3000000) 19:48:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 19:48:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x170101c0) 19:48:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:22 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x30001c0) [ 614.990930][ T26] audit: type=1800 audit(1587930502.586:590): pid=27499 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=310 res=0 [ 615.009955][ T26] audit: type=1804 audit(1587930502.586:591): pid=27499 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/477/file0/file0" dev="loop3" ino=310 res=1 [ 615.059859][T27499] attempt to access beyond end of device [ 615.111305][T27499] loop3: rw=2049, want=130, limit=127 [ 615.140508][T27499] attempt to access beyond end of device [ 615.179482][T27499] loop3: rw=2049, want=131, limit=127 [ 615.291695][T27499] attempt to access beyond end of device [ 615.325174][T27499] loop3: rw=2049, want=132, limit=127 19:48:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1b000000) [ 615.360938][T27499] attempt to access beyond end of device 19:48:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x30100c0) [ 615.403117][T27499] loop3: rw=2049, want=133, limit=127 [ 615.441073][T27499] attempt to access beyond end of device [ 615.474617][T27499] loop3: rw=2049, want=142, limit=127 19:48:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 615.498185][T27499] attempt to access beyond end of device [ 615.529536][T27499] loop3: rw=2049, want=143, limit=127 [ 615.577825][T27499] attempt to access beyond end of device [ 615.615034][T27499] loop3: rw=2049, want=144, limit=127 19:48:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x34d564b) [ 615.650095][T27499] attempt to access beyond end of device 19:48:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1b0001c0) 19:48:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 615.695026][T27499] loop3: rw=2049, want=145, limit=127 [ 615.723244][T27499] attempt to access beyond end of device [ 615.744483][T27499] loop3: rw=2049, want=146, limit=127 [ 615.759670][ T26] audit: type=1804 audit(1587930503.356:592): pid=27556 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/477/file0/file0" dev="loop3" ino=310 res=1 19:48:23 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x9) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) r4 = getpid() r5 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r5) ptrace$setopts(0x4206, r5, 0x0, 0x0) r6 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) kcmp(r4, r5, 0xb, r6, r2) 19:48:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 615.884129][ T26] audit: type=1804 audit(1587930503.356:593): pid=27558 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/477/file0/file0" dev="loop3" ino=310 res=1 19:48:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1e010000) 19:48:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4000000) [ 616.075574][ T26] audit: type=1800 audit(1587930503.606:594): pid=27588 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=15978 res=0 19:48:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1f0001c0) [ 616.192358][ T26] audit: type=1804 audit(1587930503.606:595): pid=27588 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/478/file0" dev="sda1" ino=15978 res=1 19:48:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 19:48:23 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r4 = dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) setsockopt$rose(r4, 0x104, 0x2, &(0x7f0000000000)=0x1eb, 0x4) 19:48:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40001c0) 19:48:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x20000000) 19:48:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000240)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x00\x00\x00\x00\t\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x93\xf6\x7f\f\xeb(-\xb3\x9a\xde~\x80\x00i\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x10\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\x7f\x00\x00\x00\xcd\x15\xc1K\xab\xe9\xe3h\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x95(\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1xX\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\xb8T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xbaO\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xba\xc6\x1aV\x04\xff\x190wR;\x8c\t\x8b~T\xac\xa0\xd7j&\xe0\x19\x9c\x13\x00\xca\x1c\x17\x1b=~\xaa\xad\x8c\x04\xf4\xfdT\x00'/540) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000000140)={0x14, r4, 0x1}, 0x14}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 616.559932][T27640] attempt to access beyond end of device [ 616.565686][T27640] loop3: rw=2049, want=130, limit=127 [ 616.628202][T27640] attempt to access beyond end of device [ 616.688020][T27640] loop3: rw=2049, want=131, limit=127 [ 616.713268][T27640] attempt to access beyond end of device 19:48:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x44d564b) 19:48:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x200001c0) 19:48:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 616.742275][T27640] loop3: rw=2049, want=132, limit=127 [ 616.767342][T27640] attempt to access beyond end of device [ 616.787756][T27640] loop3: rw=2049, want=133, limit=127 [ 616.798718][T27640] attempt to access beyond end of device [ 616.821124][T27640] loop3: rw=2049, want=142, limit=127 [ 616.840533][T27640] attempt to access beyond end of device 19:48:24 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@link_local, @dev, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x8}, @broadcast=0xe0000001}, {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) [ 616.868581][T27640] loop3: rw=2049, want=143, limit=127 [ 616.915328][T27640] buffer_io_error: 17 callbacks suppressed [ 616.915341][T27640] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 617.001254][T27640] attempt to access beyond end of device [ 617.038043][T27640] loop3: rw=2049, want=144, limit=127 19:48:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x22010000) [ 617.072169][T27640] Buffer I/O error on dev loop3, logical block 143, lost async page write 19:48:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x5000000) [ 617.139400][T27640] attempt to access beyond end of device [ 617.167908][T27640] loop3: rw=2049, want=145, limit=127 [ 617.192877][T27640] Buffer I/O error on dev loop3, logical block 144, lost async page write [ 617.245749][T27640] attempt to access beyond end of device [ 617.275892][T27640] loop3: rw=2049, want=146, limit=127 19:48:25 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0x13) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:25 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x8a002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000200)={@val={0x2}, @void, @eth={@random="20800000964b", @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x29, 0x0, @multicast1, @multicast1}, {{}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{}, 0x2b}}}}}}}}, 0x6a) 19:48:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x54d564b) 19:48:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x221001c0) 19:48:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2a000000) 19:48:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 617.729542][T27770] attempt to access beyond end of device [ 617.764177][T27770] loop3: rw=2049, want=130, limit=127 [ 617.800913][T27770] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 617.839612][T27770] attempt to access beyond end of device 19:48:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6000000) [ 617.862421][T27770] loop3: rw=2049, want=131, limit=127 [ 617.912590][T27770] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 617.968030][T27770] attempt to access beyond end of device [ 618.008529][T27770] loop3: rw=2049, want=132, limit=127 [ 618.033891][T27770] Buffer I/O error on dev loop3, logical block 131, lost async page write 19:48:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7000000) 19:48:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2a1001c0) [ 618.059016][T27770] attempt to access beyond end of device [ 618.071403][T27770] loop3: rw=2049, want=133, limit=127 [ 618.083670][T27770] Buffer I/O error on dev loop3, logical block 132, lost async page write [ 618.124726][T27770] attempt to access beyond end of device [ 618.160679][T27770] loop3: rw=2049, want=142, limit=127 [ 618.186421][T27770] Buffer I/O error on dev loop3, logical block 141, lost async page write [ 618.224692][T27770] attempt to access beyond end of device [ 618.255695][T27770] loop3: rw=2049, want=143, limit=127 [ 618.271529][T27770] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 618.290403][T27770] attempt to access beyond end of device [ 618.302858][T27770] loop3: rw=2049, want=144, limit=127 [ 618.315069][T27770] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 618.332603][T27770] attempt to access beyond end of device [ 618.345014][T27770] loop3: rw=2049, want=145, limit=127 [ 618.356131][T27770] attempt to access beyond end of device [ 618.368864][T27770] loop3: rw=2049, want=147, limit=127 19:48:26 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setfsgid(0x0) r1 = getgid() setfsgid(r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="39000000130009006900000008000000ab008000200000004600010707000014190001001000000800005068000000000000ef38bf461e59d7", 0x39}], 0x1) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x0) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f00000000c0)={{0xa, 0x0, 0x78, @mcast1}, {0xa, 0x0, 0x0, @private1, 0x3d}, 0x0, [0x0, 0x9, 0x0, 0x10001, 0x101, 0x80000000, 0xc6, 0x1ff]}, 0x5c) 19:48:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2c000000) 19:48:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x70001c0) 19:48:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:26 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@random={'security.', ')selinux/(\x00'}, &(0x7f00000000c0)='\xb8\x00', 0x2, 0x2) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) [ 618.399008][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 618.399048][ T26] audit: type=1804 audit(1587930505.997:602): pid=27835 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/480/file0/file0" dev="loop3" ino=312 res=1 19:48:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2c1001c0) 19:48:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8010040) 19:48:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 618.817780][ T26] audit: type=1800 audit(1587930506.417:603): pid=27876 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=313 res=0 [ 618.870955][T27876] attempt to access beyond end of device [ 618.884268][T27876] loop3: rw=2049, want=130, limit=127 [ 618.897379][T27876] attempt to access beyond end of device [ 618.924069][T27876] loop3: rw=2049, want=131, limit=127 [ 618.943512][ T26] audit: type=1804 audit(1587930506.437:604): pid=27892 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/481/file0/file0" dev="loop3" ino=313 res=1 19:48:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8030000) [ 618.970646][T27876] attempt to access beyond end of device [ 618.989488][T27876] loop3: rw=2049, want=132, limit=127 19:48:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x30080000) [ 619.048979][T27899] kvm_set_msr_common: 1335 callbacks suppressed [ 619.049045][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.079297][T27876] attempt to access beyond end of device [ 619.098110][T27876] loop3: rw=2049, want=133, limit=127 [ 619.123601][T27876] attempt to access beyond end of device [ 619.146981][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.162216][T27876] loop3: rw=2049, want=142, limit=127 19:48:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 619.192989][T27876] attempt to access beyond end of device [ 619.213485][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.253249][T27876] loop3: rw=2049, want=143, limit=127 [ 619.269137][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.280712][T27876] attempt to access beyond end of device [ 619.298679][T27876] loop3: rw=2049, want=144, limit=127 [ 619.311023][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.323532][T27876] attempt to access beyond end of device [ 619.331087][T27876] loop3: rw=2049, want=145, limit=127 [ 619.338194][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.372015][T27876] attempt to access beyond end of device [ 619.399161][T27876] loop3: rw=2049, want=147, limit=127 [ 619.405234][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop 19:48:27 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x8) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 19:48:27 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setfsgid(0x0) r1 = getgid() setfsgid(r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="39000000130009006900000008000000ab008000200000004600010707000014190001001000000800005068000000000000ef38bf461e59d7", 0x39}], 0x1) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x0) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f00000000c0)={{0xa, 0x0, 0x78, @mcast1}, {0xa, 0x0, 0x0, @private1, 0x3d}, 0x0, [0x0, 0x9, 0x0, 0x10001, 0x101, 0x80000000, 0xc6, 0x1ff]}, 0x5c) [ 619.419864][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.433585][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.447389][T27899] kvm [27898]: vcpu0, guest rIP: 0xcc kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop [ 619.641783][T27937] FAT-fs (loop3): bogus number of reserved sectors [ 619.675240][T27937] FAT-fs (loop3): Can't find a valid FAT filesystem 19:48:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x34000000) 19:48:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa000000) 19:48:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 619.767695][ T26] audit: type=1804 audit(1587930507.367:605): pid=27937 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/482/file0/file0" dev="sda1" ino=15955 res=1 [ 619.815533][T27937] FAT-fs (loop3): bogus number of reserved sectors [ 619.852197][T27937] FAT-fs (loop3): Can't find a valid FAT filesystem 19:48:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xa010000) 19:48:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3a000000) 19:48:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xb0201c0) 19:48:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) get_mempolicy(&(0x7f0000000200), &(0x7f00000001c0), 0x9aa, &(0x7f0000ffc000/0x1000)=nil, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}, 0x1, 0x0, 0x0, 0x8080}, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8, 0x1, 'pie\x00'}, {0xc, 0x2, [@TCA_PIE_BETA={0x8}]}}]}, 0x38}}, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) r4 = socket(0x11, 0x800000003, 0x8) bind(r4, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x58) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000007c0)='bbr\x00', 0x4) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x20c49a, 0x0, 0x27) 19:48:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3b000000) 19:48:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x10000000) 19:48:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000080)="48b88a000000000000000f23c80f21f8350000d000c4a3790869030cc402750d4e0e66653e67660f38224348a90720560fc75c88e40f001a0f20d835080000000f22d80f20e035200000000f22e0470f1c0ab9800000c00f3235000400002e640fc75fdb", 0x64}], 0x1, 0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff5d, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 19:48:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000000) 19:48:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x100001c0) [ 621.245279][T28052] kvm: emulating exchange as write 19:48:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x11000000) 19:48:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4000009f) 19:48:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000080)="48b88a000000000000000f23c80f21f8350000d000c4a3790869030cc402750d4e0e66653e67660f38224348a90720560fc75c88e40f001a0f20d835080000000f22d80f20e035200000000f22e0470f1c0ab9800000c00f3235000400002e640fc75fdb", 0x64}], 0x1, 0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff5d, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 19:48:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x12000000) 19:48:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400000b0) 19:48:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 19:48:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400000b7) 19:48:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x120101c0) 19:48:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000140)={0x0, {{0x2, 0x0, @multicast2=0xe0000001}}, {{0x2, 0x0, @local}}}, 0x108) 19:48:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 19:48:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x130101c0) 19:48:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000100) 19:48:29 executing program 1: sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x400000000000000, 0x0, 0x0, 0x1}, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f00000001c0)=ANY=[@ANYBLOB="790bf6df8b27261dc8a9d0e669"]) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x20002, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000200)={[{0x9, 0x0, 0x5, 0xff, 0x9, 0xff, 0x2, 0x0, 0x9, 0x3, 0x0, 0x0, 0x2}, {0xfff, 0x468, 0x1, 0x40, 0x0, 0x0, 0x20, 0x8e, 0xdf, 0x6, 0xa7, 0x9, 0x5}, {0x401, 0x0, 0x6, 0x1, 0x1, 0x3, 0x6, 0x8, 0x0, 0x0, 0xff, 0x9, 0x57}], 0x1}) 19:48:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000002600)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 19:48:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x150001c0) [ 622.576314][T28177] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns 19:48:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000108) 19:48:30 executing program 1: sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x400000000000000, 0x0, 0x0, 0x1}, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f00000001c0)=ANY=[@ANYBLOB="790bf6df8b27261dc8a9d0e669"]) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x20002, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000200)={[{0x9, 0x0, 0x5, 0xff, 0x9, 0xff, 0x2, 0x0, 0x9, 0x3, 0x0, 0x0, 0x2}, {0xfff, 0x468, 0x1, 0x40, 0x0, 0x0, 0x20, 0x8e, 0xdf, 0x6, 0xa7, 0x9, 0x5}, {0x401, 0x0, 0x6, 0x1, 0x1, 0x3, 0x6, 0x8, 0x0, 0x0, 0xff, 0x9, 0x57}], 0x1}) 19:48:30 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x1d, 0x0, "2461758a5264d9a14fb62fe6bce0eeb5025264c73c839e09f5ff08cccc6e3ffd7477f28557a8556964d283b24c2a0e31a1d4a8d735eec48df90a55e5c0b3a337860cfd677448d1258641934ef7302d02"}, 0xd8) connect$inet(r2, &(0x7f0000000280), 0x10) 19:48:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x17000000) 19:48:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 623.036293][T28223] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns 19:48:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40010000) 19:48:30 executing program 2: r0 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x24000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x1}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x20, 0x3, 0x0, 0x0, 0x41c2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) readv(r1, &(0x7f0000000040)=[{&(0x7f0000000240)=""/205, 0xcd}], 0x1) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={'syzkaller0\x00', {0x2, 0x4e20, @loopback}}) r2 = syz_open_dev$loop(&(0x7f0000000880)='/dev/loop#\x00', 0x0, 0x182) inotify_init1(0x800) r3 = memfd_create(&(0x7f0000000240)='.^\xc5', 0x0) pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0)='nl80211\x00') sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) sendfile(r2, r2, 0x0, 0x24000000) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) 19:48:30 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'\x00', 0xc205}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0xb) 19:48:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x170101c0) 19:48:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400101c0) 19:48:31 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00') lseek(r0, 0x9, 0x0) 19:48:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x410101c0) 19:48:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1b000000) 19:48:31 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) close(r2) socketpair$unix(0x1, 0x80000000001, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r3, &(0x7f0000000040)=""/184, 0xffffffc9, 0x40012500, 0x0, 0xffffffffffffff49) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4004ffe0, 0x0) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, 0x0) socket$nl_route(0x10, 0x3, 0x0) 19:48:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x48000000) 19:48:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1b0001c0) 19:48:31 executing program 2: r0 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x24000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x1}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x20, 0x3, 0x0, 0x0, 0x41c2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) readv(r1, &(0x7f0000000040)=[{&(0x7f0000000240)=""/205, 0xcd}], 0x1) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={'syzkaller0\x00', {0x2, 0x4e20, @loopback}}) r2 = syz_open_dev$loop(&(0x7f0000000880)='/dev/loop#\x00', 0x0, 0x182) inotify_init1(0x800) r3 = memfd_create(&(0x7f0000000240)='.^\xc5', 0x0) pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0)='nl80211\x00') sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) sendfile(r2, r2, 0x0, 0x24000000) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) 19:48:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x49000000) 19:48:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1e010000) 19:48:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x1120024, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES64], 0xc) close(0xffffffffffffffff) r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0) r5 = socket$inet6(0xa, 0x5, 0x0) getsockopt$bt_hci(r5, 0x84, 0x75, 0x0, &(0x7f0000001140)) ftruncate(r4, 0x208200) r6 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0)='NLBL_UNLBL\x00') creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000240), 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x88, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:audisp_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip6gretap0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'nr0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:object_r:devlog_t:s0\x00'}]}, 0x88}, 0x1, 0x0, 0x0, 0x48c0}, 0x40005) sendmsg$NLBL_UNLABEL_C_LIST(r4, &(0x7f00000015c0)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001580)={&(0x7f0000001540)={0x1c, r6, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004810}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r6, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) ioctl$SNDCTL_DSP_GETCAPS(r1, 0x8004500f, &(0x7f0000000000)) 19:48:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4b564d00) [ 624.694903][ T26] audit: type=1800 audit(1587930512.287:606): pid=28369 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16043 res=0 19:48:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1f0001c0) [ 624.724164][ T26] audit: type=1804 audit(1587930512.287:607): pid=28369 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/483/file0/file0" dev="sda1" ino=16043 res=1 19:48:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x111000, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000080)) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014"], 0xd) close(r5) sendmsg$NFT_MSG_GETGEN(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x6db7fd3ac2af099}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x10, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x6}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10000000}, 0x44044) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="2321202e2f66696c6d3020f014"], 0xd) close(r6) ioctl$HDIO_GETGEO(r6, 0x301, &(0x7f00000000c0)) dup3(r4, r3, 0x0) sendfile(r2, r3, 0x0, 0x7fffffa7) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000400)={0x9b0000, 0x8001, 0x8, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0xa00965, 0x9, [], @p_u16=&(0x7f0000000340)=0x3400}}) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r7, 0x40106614, &(0x7f0000000440)) 19:48:32 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) 19:48:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4b564d01) 19:48:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x20000000) 19:48:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="300000001700010125bd7000000000000100000008000100ffffffff14000b00fc02000000000000ed7ff46c00000001a52c5b1303b9204a2027869d95127bd4325aa68dcf496f94164f0f609c2660b46c43625329234c65db90cf2c3fe7a9324ba1f9f8ea05000000fc0c7c63e42e823b9bbab5d88c127c739e3f4bc55dad6101a8e1641a4fff09f85c3fbf86522dcd7b2b408e603e48c7f34efc5295087ed9d4c6912272a31bfb8cd0a3cd1daa85c585b10696ee5d71e226f4328d34106f3681bbdc030bff14f7236fdd3f739fea6d35e6fd123cbe22804ae943da08630c7da1a2f1c64ba3d21be27a6538538ff13fcea2d8b92fb5a95b927dd79676d95629a20b111c5a64495eaee9e393b85a86fb486b52957b4c4aabf6a1d767d73daca564762fdf354e39121f8ff3304ce7122bbbcf14a4ca55ea87bec969e98eb7b826fe38e503f03c89e4541480611a45e28925e56a4a72509e7a88e07f493576aba3e968904adfe6cbc64c1a4d5f9cb83b679f7bebe1c61923948b6e48324611c5bb8a158e7f5bf0ec8a28e1b760bb24f01b935891239c8124685d6bcb2bc73d2d1a3696d9e38e6bd1270bd2dc991d4c89362f856b45b16b34bef68ac67d3636b02087970d7674aea5879056e52f86306f0db67e05789f12c2c8e045bb8f7709fa565bee34c5a9b2ca000eed848e69653f21c99a3aae636afe0c7c7d8b7ce8cb0ee9d2f3ed5c0ddb734ec8eee17c116b1d3adf98cb7673a341a8f956e09999853668bda60bc227c17d4c2072872bd3d81ec6cfd030fae418069f205b73f6fdc43b8d0054ab60bdaa1104c7ede69281d36dbe53418923cd1ff3ca1977de70ad99e97aef566887cea93a74e53a4e4ee274ad468754e96d041f859742a7adec1b3f82d2e177ab4b6e802f65f9e863d8c4c6a3331d946bbc110ceec8"], 0x30}}, 0x4000800) [ 625.333080][ T26] audit: type=1800 audit(1587930512.927:608): pid=28425 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=314 res=0 [ 625.414062][T28425] attempt to access beyond end of device [ 625.465641][ T26] audit: type=1804 audit(1587930512.927:609): pid=28425 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/484/file0/file0" dev="loop3" ino=314 res=1 [ 625.471343][T28425] loop3: rw=2049, want=130, limit=127 [ 625.494497][ T26] audit: type=1804 audit(1587930512.957:610): pid=28425 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/484/file0/file0" dev="loop3" ino=314 res=1 [ 625.523476][ T26] audit: type=1804 audit(1587930512.957:611): pid=28425 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/484/file0/file0" dev="loop3" ino=314 res=1 [ 625.573201][T28425] buffer_io_error: 9 callbacks suppressed [ 625.573216][T28425] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 625.639607][T28425] attempt to access beyond end of device [ 625.646628][T28425] loop3: rw=2049, want=131, limit=127 [ 625.653127][T28425] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 625.662482][T28425] attempt to access beyond end of device [ 625.669028][T28425] loop3: rw=2049, want=132, limit=127 [ 625.675318][T28425] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 625.684849][T28425] attempt to access beyond end of device [ 625.691425][T28425] loop3: rw=2049, want=133, limit=127 [ 625.697851][T28425] Buffer I/O error on dev loop3, logical block 132, lost async page write 19:48:33 executing program 2: r0 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x24000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x1}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x20, 0x3, 0x0, 0x0, 0x41c2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) readv(r1, &(0x7f0000000040)=[{&(0x7f0000000240)=""/205, 0xcd}], 0x1) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={'syzkaller0\x00', {0x2, 0x4e20, @loopback}}) r2 = syz_open_dev$loop(&(0x7f0000000880)='/dev/loop#\x00', 0x0, 0x182) inotify_init1(0x800) r3 = memfd_create(&(0x7f0000000240)='.^\xc5', 0x0) pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0)='nl80211\x00') sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) sendfile(r2, r2, 0x0, 0x24000000) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) 19:48:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4b564d02) 19:48:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x200001c0) 19:48:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:33 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000000c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x310, 0x108, 0x0, 0x0, 0xee03, 0x108, 0x240, 0x240, 0x240, 0x240, 0x240, 0x4, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa], 0x0, 0xe0, 0x108, 0x0, {}, [@common=@unspec=@connbytes={{0x38, 'connbytes\x00'}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffb}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x90) [ 625.754988][ T26] audit: type=1804 audit(1587930513.347:612): pid=28441 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/484/file0/file0" dev="loop3" ino=314 res=1 19:48:33 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) [ 625.842625][T28451] xt_connbytes: Forcing CT accounting to be enabled [ 625.853267][ T26] audit: type=1804 audit(1587930513.387:613): pid=28441 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/484/file0/file0" dev="loop3" ino=314 res=1 [ 625.879798][T28451] xt_CT: You must specify a L4 protocol and not use inversions on it [ 625.898104][ T21] attempt to access beyond end of device [ 625.904291][ T21] loop3: rw=1, want=146, limit=127 19:48:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x1c, 0x8, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f00000001c0)=ANY=[@ANYBLOB="03000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000a000000ff"]) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40008, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19:48:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4b564d03) 19:48:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x22010000) [ 626.134621][ T26] audit: type=1800 audit(1587930513.727:614): pid=28479 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=315 res=0 19:48:33 executing program 1: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000ddc1517600"}) r2 = syz_open_pts(r1, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) read(r2, 0x0, 0x6c00) dup2(r0, r2) dup3(r2, r1, 0x0) [ 626.240237][T28479] attempt to access beyond end of device 19:48:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 626.283873][ T26] audit: type=1804 audit(1587930513.767:615): pid=28479 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir215397203/syzkaller.r7DCOW/485/file0/file0" dev="loop3" ino=315 res=1 [ 626.316530][T28479] loop3: rw=2049, want=130, limit=127 [ 626.339119][T28479] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 626.371948][T28479] attempt to access beyond end of device [ 626.405705][T28479] loop3: rw=2049, want=131, limit=127 [ 626.426255][T28479] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 626.443744][T28479] attempt to access beyond end of device [ 626.452137][T28479] loop3: rw=2049, want=132, limit=127 [ 626.563346][T28479] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 626.666005][T28479] attempt to access beyond end of device [ 626.671670][T28479] loop3: rw=2049, want=133, limit=127 [ 626.696038][T28479] Buffer I/O error on dev loop3, logical block 132, lost async page write [ 626.730250][T28479] attempt to access beyond end of device [ 626.736450][T28479] loop3: rw=2049, want=142, limit=127 [ 626.765956][T28479] Buffer I/O error on dev loop3, logical block 141, lost async page write [ 626.774511][T28479] attempt to access beyond end of device [ 626.815894][T28479] loop3: rw=2049, want=143, limit=127 [ 626.831150][T28479] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 626.851662][T28479] attempt to access beyond end of device [ 626.863967][T28479] loop3: rw=2049, want=144, limit=127 [ 626.879558][T28479] attempt to access beyond end of device [ 626.895417][T28479] loop3: rw=2049, want=145, limit=127 [ 626.909671][T28479] attempt to access beyond end of device [ 626.921978][T28479] loop3: rw=2049, want=147, limit=127 19:48:34 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x4}) 19:48:34 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x221001c0) 19:48:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x6000081) perf_event_open(0x0, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4b564d04) 19:48:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0xd8, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8010}, 0x6000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:48:34 executing program 1: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000ddc1517600"}) r2 = syz_open_pts(r1, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) read(r2, 0x0, 0x6c00) dup2(r0, r2) dup3(r2, r1, 0x0) 19:48:34 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) [ 627.333884][T28543] ================================================================== [ 627.342027][T28543] BUG: KCSAN: data-race in hrtimer_interrupt / print_tickdevice.isra.0 [ 627.350261][T28543] [ 627.352600][T28543] write to 0xffff88812c119398 of 8 bytes by interrupt on cpu 1: [ 627.361839][T28543] hrtimer_interrupt+0xa7/0x490 [ 627.366701][T28543] smp_apic_timer_interrupt+0xd8/0x270 [ 627.372173][T28543] apic_timer_interrupt+0xf/0x20 [ 627.377204][T28543] vcpu_enter_guest+0x9c0/0x3740 [ 627.382152][T28543] kvm_arch_vcpu_ioctl_run+0x281/0xd60 [ 627.387701][T28543] kvm_vcpu_ioctl+0x70b/0x9d0 [ 627.392380][T28543] ksys_ioctl+0x101/0x150 [ 627.396728][T28543] __x64_sys_ioctl+0x47/0x60 [ 627.401341][T28543] do_syscall_64+0xc7/0x3b0 [ 627.405863][T28543] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 627.411742][T28543] [ 627.414108][T28543] read to 0xffff88812c119398 of 8 bytes by task 28543 on cpu 0: [ 627.421824][T28543] print_tickdevice.isra.0+0x14a/0x3c0 [ 627.427309][T28543] timer_list_show+0x85/0x140 [ 627.431991][T28543] seq_read+0x2ef/0x940 [ 627.436185][T28543] proc_reg_read+0x17f/0x1b0 [ 627.440775][T28543] do_iter_read+0x33f/0x3a0 [ 627.445276][T28543] vfs_readv+0x9c/0xf0 [ 627.449541][T28543] default_file_splice_read+0x361/0x590 [ 627.455092][T28543] do_splice_to+0xc7/0x100 [ 627.459644][T28543] splice_direct_to_actor+0x1b9/0x540 [ 627.465028][T28543] do_splice_direct+0x152/0x1d0 [ 627.470053][T28543] do_sendfile+0x380/0x800 [ 627.474478][T28543] __x64_sys_sendfile64+0x121/0x140 [ 627.479686][T28543] do_syscall_64+0xc7/0x3b0 [ 627.484191][T28543] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 627.490064][T28543] [ 627.492376][T28543] Reported by Kernel Concurrency Sanitizer on: [ 627.498726][T28543] CPU: 0 PID: 28543 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0 [ 627.507391][T28543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.517441][T28543] ================================================================== [ 627.525484][T28543] Kernel panic - not syncing: panic_on_warn set ... [ 627.532060][T28543] CPU: 0 PID: 28543 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0 [ 627.540729][T28543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.550784][T28543] Call Trace: [ 627.554083][T28543] dump_stack+0x11d/0x187 [ 627.558423][T28543] panic+0x210/0x640 [ 627.562324][T28543] ? vprintk_func+0x89/0x13a [ 627.566921][T28543] kcsan_report.cold+0xc/0x1a [ 627.571768][T28543] kcsan_setup_watchpoint+0x3fb/0x440 [ 627.577168][T28543] print_tickdevice.isra.0+0x14a/0x3c0 [ 627.582625][T28543] timer_list_show+0x85/0x140 [ 627.587296][T28543] seq_read+0x2ef/0x940 [ 627.591448][T28543] ? seq_hlist_start_head_rcu+0x60/0x60 [ 627.597160][T28543] proc_reg_read+0x17f/0x1b0 [ 627.601755][T28543] do_iter_read+0x33f/0x3a0 [ 627.606252][T28543] vfs_readv+0x9c/0xf0 [ 627.610338][T28543] ? __read_once_size.constprop.0+0xd/0x20 [ 627.616142][T28543] ? iov_iter_get_pages_alloc+0x260/0xaa0 [ 627.621854][T28543] default_file_splice_read+0x361/0x590 [ 627.627408][T28543] ? rw_verify_area+0xe5/0x230 [ 627.632160][T28543] ? iter_file_splice_write+0x830/0x830 [ 627.637694][T28543] do_splice_to+0xc7/0x100 [ 627.642114][T28543] splice_direct_to_actor+0x1b9/0x540 [ 627.647476][T28543] ? generic_pipe_buf_nosteal+0x20/0x20 [ 627.653029][T28543] do_splice_direct+0x152/0x1d0 [ 627.657874][T28543] do_sendfile+0x380/0x800 [ 627.662292][T28543] __x64_sys_sendfile64+0x121/0x140 [ 627.667482][T28543] do_syscall_64+0xc7/0x3b0 [ 627.671979][T28543] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 627.677863][T28543] RIP: 0033:0x45c829 [ 627.681753][T28543] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 627.701342][T28543] RSP: 002b:00007f667719bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 627.709836][T28543] RAX: ffffffffffffffda RBX: 00000000004fc040 RCX: 000000000045c829 [ 627.717881][T28543] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 627.725838][T28543] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 627.734679][T28543] R10: 000000007fffffa7 R11: 0000000000000246 R12: 00000000ffffffff [ 627.742640][T28543] R13: 00000000000008d6 R14: 00000000004cb7a1 R15: 00007f667719c6d4 [ 627.752141][T28543] Kernel Offset: disabled [ 627.756891][T28543] Rebooting in 86400 seconds..